What's Behind Man-In-The-Middle Attacks and How to Avoid Them

May 17, 2025

It’s not the game many of us played as kids, but it is a distorted take on the same idea. Man-in-the-middle (MitM) cyberattacks do put someone in the middle of two sides, but that someone is a cybercriminal. And those on either side are clueless victims. In reality, MitM attacks are anything but a game.

How MitM Attacks Work

The goal of MitM attacks is to make both sides believe they’re communicating directly with each other. That way, the hacker in the middle inserts themselves into the conversation, “eavesdropping” on and even manipulating what’s being communicated back and forth. A typical MitM attack can disrupt operations and intercept usernames and passwords, emails, and banking and other financial details. Below is the way MitM attacks play out, including ways to avoid being caught up in these crimes.

The MitM accesses networks, routers, and Wi-Fi connections, inserting themselves into the middle of the two-way communication. Then, the MitM impersonates both people in the conversation, having them believe they’re talking directly with each other. While communicating back and forth, a MitM intercepts their messages. Hackers can alter them or insert their own messages and even inject malware, all with the goal of stealing sensitive data.

Avoiding MitM Attacks

Use caution while using public Wi-Fi, as information is easily intercepted by others. Consider using a VPN (Virtual Private Network) that encrypts internet connections and messages so they can’t be read by attackers.

Check for HTTPS on websites, shown by a padlock icon to the far left of the web address/URL. HTTPS encrypts information between the website and your browser, making it difficult for bad actors to change, intercept, or decipher it. While not 100% secure, it’s one indicator that the website is safe.

Always use two-factor authentication (2FA) when available. 2FA is an additional layer of identity authentication sent during login as a numerical code. The 2FA code prevents an attacker from logging into an account even if they have the password. For more security, use a hardware “key” or an authenticator app.

Keep all software updated, including browsers, programs, apps, and security software. Updates frequently include bug fixes and improvements to device security. Turning on automatic updates can take some of the pressure off having to remember to do it manually.

