A man-in-the-middle (MitM) attack is a type of cyberattack in which an attacker intercepts and relays communication between two parties without their knowledge, potentially stealing sensitive information. For instance, a hacker intercepts communication between a banking customer and their bank, then poses as a bank official to obtain information such as a one-time PIN (OTP) from the customer. MitM attacks include email hijacking, ID spoofing, session hijacking, DNS spoofing, and SSL hijacking.
Why are man-in-the-middle attacks a major threat?
These attacks are particularly dangerous because hackers obtain people's personal information, such as their bank account details, in real time. As a result, they can quickly change core account information, such as login credentials or the email address on file, to take over an account or gain access to a network.
How do man-in-the-middle attacks work?
In MitM attacks, cybercriminals wedge themselves into the middle of data transactions, especially where the connection is poorly secured, such as on non-secure public Wi-Fi hotspots. Next, using malware, the hacker gains access to the individual's web browser and redirects them to a fake website that looks like the site they thought they were accessing, such as their mobile banking app. The attacker intercepts the data being sent, such as the individual's login credentials, and now has what is needed to steal the customer's identity and funds or to carry out a cyberattack on a business.
How can banks prevent man-in-the-middle attacks?
Making use of secure connections, such as HTTPS rather than plain HTTP URLs, is one of the main ways to prevent man-in-the-middle attacks. Another is to watch out for phishing emails and similar scams, which are especially common in banking fraud. Educating customers and employees about the latest scams can go a long way toward reducing this type of cyberattack.
Fraud prevention measures that are effective against MitM attacks typically rely on stronger authentication, such as biometrics; use out-of-band communication, such as push notifications; or give the fraud prevention system sufficient context for each transaction, as in context-based authentication. A push notification, for instance, asks the customer to confirm the specific action they want to take, such as a P2P payment. If it is a fraudster attempting that payment, the customer is alerted through the notification and can stop the attack.
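The push-notification control described above only defeats an intermediary if the approval is bound to the exact transaction the customer saw. The following is an added illustration, not code from the original page or from any vendor; it assumes a hypothetical shared key per enrolled device (established at enrollment, outside the scope of this example) and uses an HMAC over the canonical transaction details plus a single-use nonce. The names ApprovalServer, issue_challenge, verify_approval and device_approve are invented for this example, and the customer, payee and amounts are constructed sample data.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample enrollment data: one customer whose enrolled phone shares a
# 32-byte key with the bank (hypothetical; a real deployment would typically use
# a keystore-backed device key or asymmetric signatures).
DEVICE_KEYS = {"cust-001": secrets.token_bytes(32)}


def canonical(tx: dict) -> bytes:
    """Canonical encoding so the server and the device MAC exactly the same bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def mac_for(key: bytes, customer_id: str, nonce: str, tx: dict) -> str:
    """HMAC-SHA256 over customer id, challenge nonce and the transaction details."""
    msg = b"|".join([customer_id.encode(), nonce.encode(), canonical(tx)])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ApprovalServer:
    """Bank side: issues out-of-band challenges and verifies device approvals."""

    def __init__(self, device_keys, ttl_seconds=120):
        self.device_keys = device_keys
        self.ttl = ttl_seconds
        self.pending = {}  # nonce -> (customer_id, canonical tx bytes, expiry)

    def issue_challenge(self, customer_id, tx, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (customer_id, canonical(tx), now + self.ttl)
        # This is what the push notification carries: the details the customer reads.
        return {"nonce": nonce, "customer_id": customer_id, "tx": tx}

    def verify_approval(self, nonce, tx_to_execute, device_mac, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(nonce, None)  # single use: consumed whatever the outcome
        if entry is None:
            return False  # unknown or already-used nonce (replay)
        customer_id, approved_tx, expiry = entry
        if now > expiry:
            return False  # stale challenge
        if canonical(tx_to_execute) != approved_tx:
            return False  # transaction differs from what the customer was asked to approve
        expected = mac_for(self.device_keys[customer_id], customer_id, nonce, tx_to_execute)
        return hmac.compare_digest(expected, device_mac)


def device_approve(device_key, challenge):
    """Customer's phone: display challenge['tx'] and, on 'Approve', MAC exactly those details."""
    return mac_for(device_key, challenge["customer_id"], challenge["nonce"], challenge["tx"])


def run_scenarios():
    key = DEVICE_KEYS["cust-001"]
    server = ApprovalServer(DEVICE_KEYS)
    tx = {"type": "p2p", "payee": "alice", "amount": "50.00", "currency": "USD"}

    # 1. Honest flow: the approved details match the executed transaction.
    ch = server.issue_challenge("cust-001", tx)
    honest = server.verify_approval(ch["nonce"], tx, device_approve(key, ch))

    # 2. Replaying the same approval fails because the nonce was consumed.
    replay = server.verify_approval(ch["nonce"], tx, device_approve(key, ch))

    # 3. An intermediary swaps the payee after the customer approved the original.
    ch2 = server.issue_challenge("cust-001", tx)
    approval = device_approve(key, ch2)
    swapped = server.verify_approval(ch2["nonce"], dict(tx, payee="mallory"), approval)

    # 4. An approval forged without the device key fails the MAC check.
    ch3 = server.issue_challenge("cust-001", tx)
    forged = server.verify_approval(ch3["nonce"], tx, "00" * 32)

    # 5. An approval arriving after the challenge's TTL is rejected.
    ch4 = server.issue_challenge("cust-001", tx, now=1000.0)
    expired = server.verify_approval(ch4["nonce"], tx, device_approve(key, ch4), now=1121.0)

    return {"honest": honest, "replay": replay, "payee_swapped": swapped,
            "forged": forged, "expired": expired}


if __name__ == "__main__":
    print(run_scenarios())
```

The design point is "what you see is what you sign": the server stores the canonical transaction at challenge time and refuses to execute anything that differs from it, so an attacker who relays the session cannot reuse a genuine approval for an altered payment, and without the device key cannot produce one at all.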
Example:
Someone is shopping at a store and needs to increase the daily payment limit on their mobile banking app. However, they are already connected to what they thought was the shopping mall's free Wi-Fi, which is actually a fake hotspot created by a hacker. When they log in to their mobile banking app, the fake hotspot's malware intercepts all of their sensitive information as they log in, giving the hacker the information needed to commit banking fraud.