Man-in-the-middle attacks used in phishing are becoming more and more common. 

Because man-in-the-middle assaults in phishing operations are so effective, criminals are increasingly using them. 

According to a report from cybersecurity website, hackers are enticing victims to web servers capable of brokering the full authentication process rather than just one phoney login page where they would take the credentials. 

In other words, should the victim fall for the trick, the attackers get more than just their login credentials. Moreover, they would also give them session cookies, enabling them to get beyond multi-factor authentication (MFA). 

So, what is Man in the Middle attack?

A man-in-the-middle attack occurs when an attacker intervenes in communication between a user and an application. They listen to the discussion or impersonate the participants and create the impression that regular information flow is taking place. 

The purpose of an attack is to steal personal data, including credit card numbers, account information, and login passwords. Users of banking apps, SaaS companies, e-commerce websites, and other websites that require signing in are often the targets. 

The use of information gathered during an attack may include identity theft, unauthorised financial transfers, or unauthorised password changes. 

The infiltration phase of an advanced persistent threat attack can also employ to obtain access to a guarded perimeter. 

A Man in the Middle assault is similar to having your mailman review your bank statement, take note of your account details, and then reseal the box before delivering it to your home. 

Increased phishing danger

Considering this, the quantity of phishing emails increased by 35% between Q1 2022 and Q1 2023. Nearly all of the man-in-the-middle credential phishing campaigns that made it to victims’ inboxes focused on Microsoft Office 365 authentication. 

Last but not least, 55% of campaigns employed two URL redirects or more, making up 9 out of 10 efforts. 

Even though these malicious landing sites resemble real ones nearly exactly, there are several elements that the attackers can’t imitate. These considerations should always be kept in mind by employees when signing in any place, especially if the login link was provided in an email or social media message. 

Detecting man-in-the-middle in phishing attempts

Examining the URL in more detail will allow you to tell whether the landing page is malicious the quickest. Furthermore, the threat actors will attempt to make the URL as near to the original as possible. Hence, look for any odd terms, typos, or other similarities. Also, examining the website certificate, which is approved by a certificate authority, is another technique. It will tell users if a landing page is seeking your sensitive data. Users should also check their web browsers for the padlock icon. It signifies the certificate’s authenticity and the security of the connection between the browser and the destination. 

For instance “Microsoftonline.com” is listed as the real website’s common name in the certificate. The researchers concluded that the common name in the certificate from the man-in-the-middle server had nothing to do with Microsoft. 

Check out IT Company’s email security solutions right now.