Online Cyber Safety
Cyber Safety Glossary

Man-in-the-Middle Attack

Also Known As:
Web Site Spoofing, Spoofed Web sites, Faked Web sites, Pharming


Description:
The phrase "Man-in-the-Middle Attack" is used to describe a computer attack during which the cyber criminal funnels communication between a consumer and a legitimate organization through a fake Web site. In these attacks, neither the consumer nor the organization is aware that the communication is being illegally monitored. The criminal is, in effect, in the middle of a transaction between the consumer and his or her bank, credit-card company, or retailer.

The man-in-the-middle server electronically “eavesdrops” on every keystroke, giving the criminal the consumer’s username, password, and account information. Criminals perpetrate this scam in a number of ways. They trick the consumer into clicking a link to the fake Web site in Phishing and Pharming email messages. They employ Spyware and other Malware that, when loaded on the consumer’s computer, redirect the Web browser to the fake site. The most technically competent manipulate the real Web site so that visitors are directed to the fake site.


How to Recognize This Threat:
Be extremely wary of any official-sounding unsolicited email or text message that asks you to click on a link and log on to a Web site to clear up a major problem. Scare tactics are used to lure the unsuspecting into the Man-in-the-Middle trap.


What Should I Do:
Never click on a link or open an attachment in an unsolicited email or text message. Delete the email or message. If you are concerned, call the organization or open your Web browser and type in the address. If the site has changed since your last visit, be cautious. Maintain up-to-date anti-virus and anti-Spyware programs on your computer and install a firewall. These precautions will reduce the likelihood that a virus will redirect you to a criminal’s Web site. Also, look for the lock or key icon at the bottom of the browser when entering a site that purports to be secure.

Select a Term

Adware  
  Annoying pop-up and banner ads? System slowdowns? Your computer may be infected with Adware
Bots & Botnets  
  Hackers use bot programs for theft, fraud, and denial-of-service attacks on Web sites
Browser Hijacking  
  Malware used by hackers to direct your computer to their websites, regardless of the address you entered.
Cookies  
  A Web page that welcomes you by name uses cookies
Counterfeit Products  
Digital Signatures  
  Businesses rely on what is called a digital signature to recognize their customers
Extortionware  
  A software program that encrypts essential personal files - taking them hostage and demanding money for their safe return
Keylogger  
  Hackers illegally use software keyloggers to identify their victims’ computer passwords, login names, bank account and credit card numbers
Malware  
  Any software program developed for the purpose of doing harm to a computer system or to create mischief
Man-in-the-Middle Attack  
  Cyber criminals eavesdrop on electronic communication between a consumer and a legitimate organization
Nigerian Scam  
  Unsolicited email messages from a stranger who promises great wealth — a get-rich-quick scheme
P2P File Sharing  
  Peer-to-peer file sharing is very popular on the Internet, but it can also lead to virus infections and a host of other problems
Pharming  
  A technically sophisticated scam designed to trick individuals into disclosing sensitive information such as bank account, credit card, and Social Security numbers
Phishing  
  Official looking and sounding messages that urge immediate action to update sensitive financial and identity information
SMishing  
  Designed to trick you into divulging identity information, SMishing is Phishing over cell phones and other mobile devices.
Social Engineering Scams  
  A scam that preys upon our acceptance of authority and willingness to cooperate with others
Social Networking Sites  
  Never under any circumstances should your child or young teenager agree to meet in person someone from one of these sites
Software Piracy  
  The illegal use and/or distribution of software protected under intellectual property laws
Spam  
  The cyber equivalent to junk mail – spammers have developed many ways of obtaining email addresses
Spim  
  Unsolicited product or service advertisements that appear as instant messages
Sping  
  Spam from a fake blog tricking the unwary into visiting
Spit  
  A spam campaign against VOIP voicemail
Splog  
  A spam campaign directed against blogs
Spoofing  
  A criminal pretends to be a business or organization in order to gain access to a computer user’s sensitive information such as bank account, credit card, or Social Security numbers
Spy-Phishing  
  In a successful Spy-Phishing attack, a Trojan and/or Spyware is downloaded onto your computer from a Phishing message.
Stealth, Polymorphic, and Armored viruses
  These viruses hide, copy, or “armor” themselves in an attempt to avoid detection and removal from a computer.
Trojan Horses  
  Files or software programs that appear to be legitimate, but once installed can cause havoc
Viruses  
  Malicious programs or codes inserted into computer systems without the user’s permission
Warez Sites  
  Any site that hosts pirated software
Worms  
  These malicious software programs spread automatically from computer to computer
Zombie Drones  
  Personal computers secretly under the control of hackers
   
   



©2012 Business Software Alliance