Monkey
in
the
middle,
the
beloved
playground
staple,
extends
beyond
schoolyards
into
corporate
networks,
home
desktops,
and
personal
mobile
devices
in
a
not-so-fun
way.
Known
as
a
monkey-in-the-middle
or
man-in-the-middle
attack
(MiTM),
it’s
a
type
of
cybercrime
that
can
happen
to
anyone.
Here’s
everything
you
need
to
know
about
MiTM
schemes
specifically,
how
to
identify
when
your
device
is
experiencing
one,
and
how
to
protect
your
personally
identifiable
information
(PII)
and
your
device
from
cybercriminals.
What
Is
a
Man-in-the-Middle
Mobile
Attack?
A
man-in-the-middle
attack,
or
MiTM
attack,
is
a
scheme
where
a
cybercriminal
intercepts
someone’s
online
activity
and
impersonates
a
trusted
person
or
organization.
From
there,
the
criminal
may
ask
personal
questions
or
attempt
to
get
financial
information;
however,
since
the
device
owner
thinks
they’re
communicating
with
someone
with
good
intentions,
they
give
up
these
details
freely.
MiTM
is
an
umbrella
term
that
includes
several
cybercrime
tactics,
such
as:
-
IP
spoofing.
In
this
scheme,
a
criminal
squeezes
their
way
between
two
communicating
parties
by
hiding
their
true
IP
address.
(An
IP
address
is
the
unique
code
assigned
to
each
device
that
connects
to
the
internet.)
For
example,
the
criminal
may
eavesdrop
on
a
conversation
between
a
bank
representative
and
a
customer.
The
criminal
will
pretend
to
be
either
party,
gaining
confidential
financial
information
or
giving
incorrect
banking
details
to
route
wire
transfers
to
their
own
bank
account. -
MFA
bombing.
This
occurs
when
a
criminal
gains
access
to
someone’s
login
and
password
details
but
still
needs
to
surpass
a
final
barrier
to
enter
a
sensitive
online
account:
a
one-time,
time-sensitive
multifactor
authentication
(MFA)
code.
The
criminal
either
barrages
someone’s
phone
with
code
request
texts
until
the
person
disables
MFA
in
annoyance
or
the
criminal
impersonates
a
support
employee
and
requests
the
code
via
phone,
email,
or
text. -
Session
hijacking.
Session
hijacking
occurs
when
a
cybercriminal
takes
over
a
user’s
conversation
or
sensitive
internet
session
(like
online
banking
or
online
shopping)
and
continues
the
session
as
if
they
are
the
legitimate
user.
The
criminal
can
do
this
by
stealing
the
user’s
session
cookie. -
Router
hacking.
A
cybercriminal
can
hack
into
wireless
routers
and
then
reroute
your
internet
traffic
to
fake
websites
that
request
personal
or
financial
information.
Routers
with
weak
passwords
or
factory-set
passwords
are
vulnerable
to
being
taken
over
by
a
bad
actor.
Or,
a
method
that
requires
no
hacking
at
all:
A
cybercriminal
can
set
up
a
wireless
router
in
a
public
place
and
trick
people
into
connecting
to
it
thinking
it’s
complementary
Wi-Fi
from
a
nearby
establishment.
Cybercriminals
gain
access
to
devices
to
carry
out
MiTM
attacks
through
three
main
methods:
Wi-Fi
eavesdropping,
malware,
or
phishing.
How
Can
You
Identify
a
MiTM
Mobile
Attack?
The
most
common
giveaway
of
a
MiTM
attack
is
a
spotty
internet
connection.
If
a
cybercriminal
has
a
hold
on
your
device,
they
may
disconnect
you
from
the
internet
so
they
can
take
your
place
in
sessions
or
steal
your
username
and
password
combination.
If
your
device
is
overheating
or
the
battery
life
is
much
shorter
than
normal,
it
could
indicate
that
it
is
running
malware
in
the
background.
How
to
Protect
Your
Device
If
you
can
identify
the
signs
of
a
MiTM
attack,
that’s
a
great
first
step
in
protecting
your
device.
Awareness
of
your
digital
surroundings
is
another
way
to
keep
your
device
and
PII
safe.
Steer
clear
of
websites
that
look
sloppy,
and
do
not
stream
or
download
content
from
unofficial
sites.
Malware
is
often
hidden
in
links
on
dubious
sites.
Try
your
best
to
stick
to
sites
that
have
URLs
beginning
with
“https.”
The
“s”
stands
for
“secure.”
Though
not
all
“https”
sites
are
guaranteed
secure,
they
are
generally
more
trustworthy
than
plain
“http”
sites.
To
safeguard
your
Wi-Fi
connection,
protect
your
home
router
with
a
strong
password
or
passphrase.
When
connecting
to
public
Wi-Fi,
confirm
with
the
hotel
or
café’s
staff
their
official
Wi-Fi
network
name.
Then,
make
sure
to
connect
to
a
virtual
private
network
(VPN).
A
VPN
encrypts
your
online
activity,
which
makes
it
impossible
for
someone
to
digitally
eavesdrop.
Never
access
your
personal
information
when
on
an
unprotected
public
Wi-Fi
network.
Leave
your
online
banking
and
shopping
for
when
you’re
back
on
a
locked
network
or
VPN
you
can
trust.
Finally,
a
comprehensive
antivirus
software
can
clean
up
your
device
of
malicious
programs
it
might
have
contracted.
McAfee+
Ultimate
includes
unlimited
VPN
and
antivirus,
plus
a
whole
lot
more
to
keep
all
your
devices
safe.
It
also
includes
web
protection
that
alerts
you
to
suspicious
websites,
identity
monitoring,
and
monthly
credit
reports
to
help
you
browse
safely
and
keep
on
top
of
any
threats
to
your
identity
or
credit.
A
cybercriminal’s
prize
for
winning
a
digital
scheme
of
monkey
in
the
middle
is
your
personal
information.
With
preparation
and
excellent
digital
protection
tools
on
your
team,
you
can
make
sure
you
emerge
victorious
and
safe.