How to avoid a ‘Man-in-the-Middle’ cyber-attack

Such an attack allows criminals to read a victim’s emails, steal sensitive details and impersonate people. Get advice from the Thames Valley Police Cyber Protect Team.

What is a Man-in-the-Middle attack?

A Man-in-the-Middle Attack (MitM) is a type of cyber-attack where attackers eavesdrop on and possibly alter the communications between two parties. A MitM attack allows criminals to see what websites a victim is visiting, read their emails, steal credentials, and/or impersonate others for further malicious purposes.

Attackers can do this in a few different ways. For example, they could set up their own 'fake' Wi-Fi access point which users connect to - all of their web traffic and information will then be captured by the attacker.

Similarly, an attacker can set up their access point to have the same identifying name as one which a user has previously connected to - the user's device may then automatically attempt to connect, and again the attacker can capture a lot of potentially sensitive information whilst the device is connected.

If you are communicating without secure encryption (e.g. through public open Wi-Fi spots that don't require a login, or websites that don't use HTTPS), then there is a risk of an attacker being able to take advantage of common openings to hijack that communication.

Routers are another way in which an attacker can carry out MitM attacks. If a router has a weak password, or is still using the default factory settings, then it is relatively straightforward for an attacker to gain access to it. They can then gather information about the devices connected to that router, or even redirect those users to malicious websites.

How to mitigate against MitM attacks

There are a number of protective measures you can take to mitigate the risk of MitM attacks:

  • Don't use open/public Wi-Fi hotspots to conduct sensitive transactions or correspondence. Be wary of connecting to hotspots that do not require a password to connect.
  • Disable 'auto-connect to networks' (or similar setting) on your devices. This can help prevent your devices connecting to compromised networks/spoofed networks.
  • Change the default/factory admin and password settings for your routers to mitigate the risk of them being compromised.
  • Look for HTTPS. Avoid exchanging information across websites that do not use HTTPS. (Note: just because a website uses HTTPS, it does not mean it is 100% legitimate - you still need to verify that a site is authentic through other means before you exchange any sensitive login details, e.g. check for misspelled URLs / suspicious or out of place links).
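
The HTTPS and misspelled-URL checks from the last point above, sketched as an added Python example (it is not part of the original advice). The trusted host names are constructed placeholders, and the function names and the edit-distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed placeholders: replace with the sites you actually log in to.
TRUSTED_HOSTS = ("bank.example", "mail.example")
MAX_TYPO_DISTANCE = 2  # assumption: up to two character edits counts as a lookalike


def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_url(url, trusted=TRUSTED_HOSTS):
    """Return a list of warnings for a URL; an empty list means no warning."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append("not-https")  # traffic can be read or altered in transit
    if not host:
        return warnings + ["no-host"]
    # Exact match or a genuine subdomain of a trusted host: nothing more to flag.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return warnings
    suspicious = []
    for t in trusted:
        if host.startswith(t + "."):
            # Trusted name used as a prefix of someone else's domain.
            suspicious.append("embeds:" + t)
        elif edit_distance(host, t) <= MAX_TYPO_DISTANCE:
            suspicious.append("lookalike:" + t)  # e.g. a misspelled URL
    return warnings + (suspicious or ["unknown-host"])


if __name__ == "__main__":
    for sample in ("https://bank.example/login",      # constructed samples
                   "http://bank.example/login",
                   "https://bamk.example/login",
                   "https://bank.example.login.test/"):
        print(sample, "->", check_url(sample) or "ok")
```

The third sample uses HTTPS and is still flagged, which is the point of the note above: HTTPS protects the connection, not the authenticity of the site.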

What to do if you are a victim of cyber-crime

If you have fallen victim to this or any other type of cyber-crime, report the incident to Action Fraud. You can report by phone on 0300 123 2040 or on the Action Fraud website.

Reporting helps build intelligence for law enforcement, which can aid investigations as well as informational campaigns to prevent others from becoming victims.

(Thanks to our colleagues at SWROCU for the above content)

Further advice and support on cyber threats

National Cyber Security Centre

The NCSC (National Cyber Security Centre) provides a weekly résumé of the current key issues that it wishes to make the wider population and business communities aware of.

Cyber Security Information Sharing Partnership

CiSP (Cyber Security Information Sharing Partnership) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business.

Benefits of the CiSP include engagement with industry and government counterparts in a secure environment; early warning of cyber threats; the ability to learn from the experiences, mistakes and successes of other users and to seek advice; and access to free network monitoring reports tailored to your organisation’s requirements.

If you wish to be provided with more specific information, please email: cyber.protect@thamesvalley.pnn.police.uk

Presentations from the police on the effects of cyber-crime

If your business is worried about the effects of cyber-crime, you can get additional information and request a presentation from the Constabulary in your area (TVP, Surrey & Sussex, and Hampshire Police).

You can also follow us on Twitter @TVPCyber_Fraud.

Report fraud to Action Fraud via the 24/7 online reporting tool for businesses and charities.
