What is a Man-In-The-Middle attack and what you can do to prevent it.

Updated: Nov 15, 2021

Are you working from somewhere that isn’t your home or your place of work?

Are you using public Wi-Fi?

Do you know about Man-In-The-Middle (MitM) attacks?


If not, you should read on.

What is a Man-In-The-Middle attack?

When you are online, your device must connect to a Wi-Fi access point which in turns, connects you to the internet. The below is a very simple graphic of this process, but in reality there are numerous gateways that your connection has to go through before it reaches the end recipient.

All the data that you send to the web service, which could be log in details, goes through the Wi-Fi Access point.

A cyber-criminal can set up a Wi-Fi access point that they have control of, effectively getting in between you and the legitimate web service you are trying to access, which gives them the ability to look at all the data you send.


Using encryption (TLS/HTTPS) stops this simple MitM as even though the criminal is eavesdropping on your data, as it is encrypted, they won’t be able to change or read anything that you send. If you send unencrypted email, you are in effect sending a postcard, which everyone that sees that communication can read the contents.


So, the criminal must get inventive. They may send you to a fake version of the web page you are trying to access or fool you into thinking you need to enter your log in details to progress further, which enables them to capture your credentials.



So how can this affect my business?

Once a connection has been intercepted, a cyber criminal can do anything from simple spying to content injection. This could be obtaining the log in details to your email, social media or even your banking.

And although we have used the example of public Wi-Fi, similar attacks can work with insecure home routers and malware.

What should I do?

  • Try to use public Wi-Fi for browsing online only. If you are working away from the office, tether to your phone, or consider using a VPN (Virtual Private Network). This encrypts your traffic so even if you are being spied on then they won’t be able to read your data.

  • Make sure that the website you are connecting to is using HTTPS especially with banking websites. If you are seeing a banking application using HTTP then it is potentially a MitM attack.

  • Don’t allow your devices to connect to hotspots automatically.

  • Ensure you have changed the default password on your home router – did you know that older routers generally have the same password which can be found online? Check to see if yours can be with a quick internet search.

  • Make sure you have anti-malware installed on your devices.

For more information about staying resilient

We have recently held a panel discussion about the challenges of remote working. If you are working remotely either full or part time why don’t you have a listen Hybrid working and the future - webinar - YouTube.

The ECRC is here to help businesses in the Eastern region. If you would like to hear more about how the ECRC can help your business contact us today.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.