What is a man-in-the-middle attack?
A man-in-the-middle (MITM) attack is when a criminal secretly intercepts and potentially alters communications between two parties who believe they are talking directly to each other — for example, between you and your bank.
Last reviewed: 10 June 2026
Explanation
In a MITM attack, the attacker positions themselves as a silent relay between two communicating parties. Each party thinks they are communicating directly with the other, but all data passes through the attacker's system, where the attacker can read, copy, or modify it in real time.
Common MITM methods include creating fake Wi-Fi hotspots in public places (a coffee shop network named 'Free_CoffeeWifi' that looks legitimate), ARP spoofing on local networks, or DNS hijacking that redirects you to a fake website even when you type the correct address. SSL stripping attacks downgrade secure HTTPS connections to unencrypted HTTP.
In financial fraud, MITM attacks can intercept bank transfers. A criminal who has compromised your email or a business's email system monitors for invoices and replaces the legitimate bank account number with their own just before you make payment. This variant is sometimes called business email compromise or payment redirection fraud.
Protection involves always using HTTPS (the padlock icon), avoiding public Wi-Fi for financial transactions, using a VPN on untrusted networks, and verifying payment account details by phone using a number from an independent source — never one in the email itself.
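The payment-redirection check described above can be automated as an accounts-payable control. The following is an added example, not part of the original page: it holds any invoice whose payee account fails validation or differs from the record verified out-of-band. It assumes accounts are IBANs; the vendor ID, record layout and function names are hypothetical, and the account numbers are standard documentation sample values.

```python
import re

# Constructed vendor master record: payee details that were confirmed
# out-of-band (for example by phone on an independently sourced number).
KNOWN_VENDORS = {
    "acme-supplies": {"iban": "GB82WEST12345698765432", "confirmed": "2025-11-03"},
}


def normalize_iban(raw):
    """Strip spaces and dashes and upper-case, so formatting alone never differs."""
    return re.sub(r"[\s-]", "", raw).upper()


def iban_checksum_ok(iban):
    """ISO 13616 mod-97 check: move the first 4 chars to the end, map A-Z to 10-35."""
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", iban):
        return False
    rearranged = iban[4:] + iban[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1


def review_invoice(vendor_id, invoice_iban):
    """Return (decision, reason) for the payee account shown on an invoice."""
    iban = normalize_iban(invoice_iban)
    if not iban_checksum_ok(iban):
        return ("HOLD", "IBAN fails checksum; possible typo or tampering")
    record = KNOWN_VENDORS.get(vendor_id)
    if record is None:
        return ("HOLD", "no verified account on file; confirm by phone first")
    if iban != normalize_iban(record["iban"]):
        return ("HOLD", "account differs from verified record; call vendor on a known number")
    return ("PAY", "account matches record verified on " + record["confirmed"])


if __name__ == "__main__":
    # Constructed invoices: one unchanged, one with a substituted account.
    for account in ("GB82 WEST 1234 5698 7654 32", "GB29 NWBK 6016 1331 9268 19"):
        print(account, "->", review_invoice("acme-supplies", account))
```

A substituted account usually passes the checksum, so the comparison against the independently verified record is the control that matters; the checksum only catches typos and crude edits.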
Common red flags
- Using public or unsecured Wi-Fi for banking or shopping
- A website shows HTTP rather than HTTPS when you expect a secure login
- Your browser warns about an invalid or untrusted security certificate
- An invoice arrives by email with account details that differ from previous ones
- You are logged out of accounts unexpectedly or see unfamiliar login activity
What to do now
- Always verify changed payment details by calling the recipient on a known, independently verified number
- Use a VPN on public Wi-Fi networks
- Look for HTTPS and check the certificate if you have any doubts about a site
- If you suspect a payment was redirected, contact your bank immediately
- Report suspected MITM fraud to your national cybercrime authority
Frequently asked questions
Can HTTPS protect me from a MITM attack?
HTTPS significantly raises the bar by encrypting traffic and authenticating the server's identity. However, sophisticated MITM attacks can sometimes strip HTTPS or use fraudulent certificates. Always check that the certificate is issued to the genuine domain.
How common is public Wi-Fi MITM fraud?
Opportunistic attacks on public networks exist, but targeted financial MITM fraud more often exploits compromised routers or malware on the victim's device. The payment-redirection version, exploiting email systems, is currently more prevalent and costly.