Man-in-the-middle attack (MitM)
An attack in which a fraudster secretly intercepts and potentially alters communications between two parties who believe they are communicating directly with each other.
Also known as: MitM attack, interception attack
Last reviewed: 1 June 2026
In a man-in-the-middle (MitM) attack, the attacker positions themselves between two communicating parties — for example, between you and your bank's website, or between two businesses conducting a transaction — without either party knowing. The attacker can read, record, and in some cases modify the communications in transit.
Common MitM scenarios include fake public Wi-Fi hotspots (where the attacker controls the router), SSL-stripping attacks (downgrading HTTPS to HTTP), and BGP hijacking at the network level.
In the fraud context, MitM is used to steal session cookies (enabling account takeover without a password), intercept one-time passcodes, and modify payment instructions in real time. Using HTTPS, avoiding public Wi-Fi for sensitive transactions, and using a VPN on untrusted networks all reduce the risk.