MITM (Man in the Middle) - What it is, red flags, and how to prevent it

What it is

A Man in the Middle (MITM) attack is eavesdropping with extra steps: an attacker quietly positions themselves between you and a website or app, reading or altering traffic as it passes. For a short primer and examples, see our MITM explainer.

Why it matters

MITM can steal logins, reroute payments, inject malware, or swap downloads, all while the page still looks normal.

How it works - quick tour

  • Rogue Wi-Fi/evil twin: a fake hotspot captures your traffic.

  • SSL stripping/DNS hijack: traffic is downgraded or sent to a copycat site.

  • ARP spoofing on LAN: the attacker impersonates your router.

  • Proxy injection: malware installs a local proxy or root certificate.

Red flags

  • Certificate warnings or padlock missing on sites that should be secure.

  • Login pages at odd domains or with spelling look-alikes.

  • Public Wi-Fi that forces installs, proxies, or captive portals that never end.

  • Sudden logouts, re-prompts for passwords, or mixed-content alerts.

Prevent it

  • Use HTTPS everywhere; verify the padlock and certificate details.

  • Prefer cellular or trusted Wi-Fi; avoid unknown hotspots.

  • Turn on VPN on public networks; disable auto-connect to Wi-Fi.

  • Enable MFA so stolen passwords alone are not enough.

  • Keep OS, browsers, and apps updated; remove shady root certificates.

  • For teams: use HSTS, DNSSEC, DoH/DoT, and monitor for TLS downgrade events.
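
For teams checking their own sites, the sketch below audits captured responses for the HSTS gaps that leave room for SSL stripping. It is an added example, not code from this page or any product it describes; the host example.test, the sample responses, and the one-year max-age threshold are assumptions made for the illustration.

```python
MIN_MAX_AGE = 31536000  # one year; a threshold chosen for this example

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name == "max-age":
            arg = arg.strip().strip('"')
            policy["max_age"] = int(arg) if arg.isdecimal() else None
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def audit(response):
    """Return a list of findings for one (url, status, headers) record."""
    url, status, headers = response
    headers = {k.lower(): v for k, v in headers.items()}
    findings = []
    if url.startswith("http://"):
        location = headers.get("location", "")
        if not (300 <= status < 400 and location.startswith("https://")):
            findings.append("plain HTTP is served without a redirect to HTTPS")
        if "strict-transport-security" in headers:
            findings.append("HSTS header sent over HTTP, which browsers ignore")
        return findings
    value = headers.get("strict-transport-security")
    if value is None:
        return ["no HSTS header on HTTPS response"]
    policy = parse_hsts(value)
    if policy["max_age"] is None:
        findings.append("HSTS header has no valid max-age")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("HSTS max-age is shorter than one year")
    if not policy["include_subdomains"]:
        findings.append("HSTS does not cover subdomains")
    return findings

# Constructed sample responses (example.test is a placeholder host).
SAMPLES = [
    ("http://example.test/", 200, {"Content-Type": "text/html"}),
    ("http://example.test/login", 301, {"Location": "https://example.test/login"}),
    ("https://example.test/", 200, {"Strict-Transport-Security": "max-age=300"}),
    ("https://example.test/app", 200,
     {"strict-transport-security": "max-age=63072000; includeSubDomains"}),
]
for sample in SAMPLES:
    print(sample[0], audit(sample) or "ok")
```
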
