What is a man-in-the-middle attack?
29th September 2025
Could cyber criminals be intercepting your communications?
A man-in-the-middle (MitM) attack is one in which a bad actor secretly intercepts or alters communications between two parties who believe they are communicating directly with each other.
By positioning themselves between the victim (the user) and the service (website, app or network), attackers can eavesdrop on sensitive data, modify messages in transit and impersonate one or both parties.
These attacks typically exploit insecure communication channels, such as unencrypted or poorly encrypted wi-fi networks and outdated or misconfigured SSL/TLS certificates, or rely on techniques such as DNS spoofing or ARP poisoning.
For example, say a user connects to public wi-fi at a coffee shop. If an attacker is on the same network, they can use a tool to intercept traffic. The victim could then visit their bank’s website, thinking the connection is secure; the attacker intercepts the traffic, captures the login details and forwards the request to the bank without raising any suspicion.
Types of MitM attack include:
· Wi-fi eavesdropping – attackers set up rogue wi-fi hotspots or join an unsecured one to intercept traffic between users and sites.
· HTTPS spoofing – attackers trick the browser into thinking a connection is secure when it isn’t, using fake or compromised SSL certificates.
· DNS spoofing – attackers alter DNS responses to redirect users to malicious sites (while they still think the domain is legitimate).
· ARP spoofing (local network) – an attacker sends fake ARP messages to associate their MAC address with the IP of a legitimate device, meaning traffic meant for the gateway is sent to the attacker instead.
· Email hijacking – attackers gain access to email communications and alter payment instructions to access sensitive information.
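The ARP spoofing behaviour described in the list above leaves a visible trace on the local network: the gateway's IP address suddenly maps to a different MAC address, and that MAC then answers for more than one IP. The following is an added example, not code from the original article, that checks a series of ARP observations for both signs; the input format, the sample data (documentation-range addresses) and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: "<seconds> <ip> <mac>" observations, as might be
# collected from periodic ARP-table snapshots (format is an assumption).
SAMPLE = """\
0 192.0.2.1 00:00:5e:00:53:01
0 192.0.2.20 00:00:5e:00:53:20
0 192.0.2.66 00:00:5e:00:53:66
30 192.0.2.1 00:00:5e:00:53:01
60 192.0.2.1 00:00:5e:00:53:66
60 192.0.2.20 00:00:5e:00:53:20
60 192.0.2.66 00:00:5e:00:53:66
"""

def parse(text):
    """Yield (time, ip, mac) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2].lower()

def find_arp_anomalies(text, gateway_ip):
    """Return (time, kind, subject, detail) alerts for suspicious bindings."""
    current = {}      # ip -> MAC most recently seen for that IP
    alerts = []
    last_ts = None
    for ts, ip, mac in parse(text):
        last_ts = ts
        old = current.get(ip)
        if old is not None and old != mac:
            # An IP that moves to a new MAC; most serious for the gateway.
            kind = "gateway-rebind" if ip == gateway_ip else "rebind"
            alerts.append((ts, kind, ip, f"{old} -> {mac}"))
        current[ip] = mac
    # In the final state, flag any MAC that answers for several IPs.
    owners = defaultdict(set)
    for ip, mac in current.items():
        owners[mac].add(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            alerts.append((last_ts, "shared-mac", mac, ",".join(sorted(ips))))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE, "192.0.2.1"):
        print(alert)
```

A rebind or shared MAC is a prompt to investigate rather than proof of an attack, since DHCP reassignment, router failover and devices with several addresses produce the same pattern.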
So, how can you defend against MitM attacks? We recommend avoiding public wi-fi (particularly for sensitive transactions), using a VPN, enabling MFA and checking sites for HTTPS. If you want to take your security further, please contact Interfuture Security.
YouTube: https://youtu.be/bGip7Gt5H3o