Headline: What is a “man in the middle” attack?

Date:

Body:  OK, think back to the days gone by in elementary school.   There was a game we played called monkey in the middle.    In this game, 2 partners would throw/bounce a ball or other item to each other, and between them would be a 3^rd person who played the “monkey  in the middle.”  The objective for this person was to catch the ball before it got to the other partner.   Please keep this  model in mind as you read the rest of this post.

The difference here is that a ball is not used, instead, it is data being passed around.   Also, both partners are blissfully unaware of the presence of the man in the middle, stealing their communications.  In practice a hacker sends you an e-mail ostensibly from your Bank, asking you to confirm account details, or something similar.  “Just click on this link”, and you are magically transported to a website that looks like your bank, but is not.  The information entered is captured by the man in the middle.

How do I protect myself from being victimized?

1.  Only go to websites that start with “HTTPS” as this is much more secure
2. Be suspicious of any fishing e-mails.
3. Make use of a VPN, a kind of tunnel that goes from your computer to the internet.
4. Install a good anti-virus program like Norton or Kaspersky.   Install updates as they become available.
5. Always use secure passwords including letters, numbers and special characters.
6. Be suspicious of intrusive pop-ups.
7. Especially if you have remote workers, encourage them to use a VPN.

The Verdict

The concept of a man in the middle attack is not new.   The fact is, armies have been doing these things for centuries.   One army would identify a message courier for the other army, lure them into some type of distraction, and while distracted, read and possibly replace the message with one engineered by them.  And I use armies as an example for a reason.   Though we are not fighting for our lives, there is certainly a disparate set of 2 groups of people.  One group, ostensibly much larger, are the innocents, call them the civilians.  Then, you have a much smaller group, quite elite,  and these are the hackers  and other bad actors.  Though this second group is diminutive in number, they can have an out-sized effect within the battle.  This leads us to the natural question: what can the civilians do  so that they can minimize risk and keep going about their normal activities?  Well,  just follow the steps above, and if you get something in e-mail where it affects you on an emotional level, please step back for a second and ask if this might be a portion of a man in the middle attack.

 REFERENCES

https://us.norton.com/internetsecurity-wifi-what-is-a-man-in-the-middle-attack.html#

https://www.trendmicro.com/vinfo/ru/security/news/cybercrime-and-digital-threats/infosec-guide-defending-against-man-in-the-middle-attacks

https://www.fool.com/the-ascent/small-business/endpoint-security/articles/mitm/

https://www.cnet.com/news/privacy/mcafee-source-code-is-easy-target-within-corporations/

Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice.   Personal attributes could make a material difference in the advice given, so, before taking action, please consult your tax advisor or CPA.