Module 04 Man-in-the-Middle (MITM) Attack

You’ve heard that you shouldn’t
do your online banking at a coffee shop.
Do you know why?

One of the biggest cyber threats
that consumers face

comes from
man-in-the-middle attacks

in which hackers can see or manipulate a user’s private internet traffic.

(MITM) Attack

An MITM attack allows hackers to read the victim’s emails, see what websites they’re visiting,

steal valuable personal information, and even impersonate the user by stealing session cookies, passwords, and more.

Let’s Dig in.

MITM attacks allow hackers to insert themselves between users and the websites or internet services they use.

Hackers gather sensitive information through:

  1. Wi-Fi Eavesdropping
  2. Karma Attacks

There are several ways hackers can hijack a Wi-Fi connection.

  • They can create a fake Wi-Fi node called an "evil twin" that impersonates a legitimate Wi-Fi access point in order to trick users into connecting to it.
  • Another method is to observe a user’s web traffic over an unencrypted connection and look for known openings to hijack accounts.
  • And for attackers not particularly interested in being creative, they can simply find a router still using default settings or hack the user’s Wi-Fi password to gain access.

Karma Attacks

Karma’s good, right? Not this kind. You know how your smartphone is always scanning for open Wi-Fi access points to keep you connected, especially to familiar networks?

The attacker then replies to the probe and creates an access point with a matching network name that your phone recognizes thereafter, enabling ongoing MITM attacks without you being any the wiser.

Let’s Get Real.

49 suspects spread throughout Europe were arrested in simultaneous raids on suspicion of using man-in-the-middle attacks to commit bank fraud against a number of medium-to-large European companies.

They used that access to monitor corporate email accounts for payment requests.

When a request was made,they faked a transaction with a targeted company’s real site, tricking the victim into entering password and payment information that they used to divert an unauthorized
payment to themselves.

Knowledge Check Module 4


Use what you’ve learned about MITM attacks to select the best answer to the following questions.

    1. Your Chosen Answer: Your Chosen Answer:

  • Select a module below to continue.

    Click the previous arrow to review the Knowledge Check.