Learn

Personal Resource Center

What Is a Man-in-the-Middle Attack?

target icon
In man-in-the-middle (MITM) attacks, a criminal finds a way to get between a victim and a trusted online entity to intercept data or money.

Because there are so many types of MITM attacks, there are various ways an attacker can proceed with their attack. Ultimately, the MITM attack allows the criminal to access a victim's personal information or finances. 


How Can You Protect Yourself?

It may seem like you'd need an advanced degree in information technology to fully understand an MITM attack but, fortunately, protecting yourself against one requires much less technical knowledge. Much of the good cybersecurity hygiene people are used to hearing about helps protect against MITM fraud, including:8,3,1

  • Look for the S in HTTPS when visiting a URL. If it's not there, it's not secure.
  • You can install a browser extension that helps ensure you don't accidentally visit an HTTP website, which you can find by searching in your browser's extension store.
  • Beware of emails asking you to update login credentials. Never click on a link in such an email. To reset a password, always type the URL into your browser.
  • Avoid connecting to a public Wi-Fi directly from your computer. Instead, use a VPN to encrypt your connection.
  • Make sure you have a strong password on your home Wi-Fi connection.
  • Turn on multi-factor authentication (MFA) for online accounts. If your login credentials are stolen, MFA can let you know someone is trying to use them.
  • Install security software on your computer to look for suspicious activity.

What To Do If You Become a Victim of an MITM Attack

As noted above, if you become the victim of financial or identity fraud, you may never know if MITM was the method used in the attack. But there are certain standard steps to take when you find yourself the victim of any online fraud, including: 

  • Contact your banks, lenders and credit card companies and let them know you believe you are an online fraud victim. They will likely close your accounts and open new ones.
  • File a fraud alert at one of the three credit reporting bureaus: Equifax, Experian, or TransUnion.9,10,11 One will share the alert with the other two.
  • Freeze your report with each of the three main credit bureaus: Equifax, Experian and TransUnion.12,13,14 This will prevent anyone (including you) from opening new credit accounts without you first temporarily unfreezing.
  • File a complaint with the Federal Trade Commission at identitytheft.gov.15
  • File a police report with your local police or sheriff's office. While they can't necessarily track down the criminals, they can take a formal report and pass the information to other agencies.
  • File a report with the Internet Crime Complaint Center (IC3).16
  • Keep copies of all your reports and responses from each party you contacted.

The more you know about the cybercrime landscape, the more effectively you can protect yourself and your family. While MITM attacks may be technically complex, taking action to prevent one from happening is something any internet user can crack.


Enroll in Credit and Identity Protection Services

As a Synovus Plus, Synovus Inspire, or Synovus Private Wealth customer, you can enroll in complimentary Credit and Identity Protection services. With this service, Synovus will monitor your credit reports and notify you any time any changes are made. Synovus will also scan the web to make sure your personal information hasn't been compromised by checking websites, blogs and peer-to-peer networks. Synovus also offers full-service identity restoration if you become a victim of identity theft.

Want to know more about how you can achieve peace of mind as a Synovus customer? Learn more.

Important disclosure information

This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

  1. Clare Stouffer, "What is a man-in-the-middle attack?" Norton, published March 26, 2020, accessed April 10, 2024.

    Back
  2. Tomasz Andrzej Nidecki, "SSL hijacking," Invicti, accessed April 10, 2024.

    Back
  3. Rapid 7, "Man in the Middle (MITM) Attacks," accessed April 10, 2024.

    Back
  4. FBI Internet Crime Complaint Center, "Federal Bureau of Investigation Internet Crime Report 2022," published March 22, 2023, accessed April 10, 2024.

    Back
  5. Dan Swinhoe, "Man-in-the-middle (MitM) attack definition and examples," March 25, 2022, accessed April 10, 2024.

    Back
  6. Kinza Yasar, "man-in-the-middle attack (MitM)," TechTarget, published April 2022, accessed April 10, 2024.

    Back
  7. Lucas Hu, Howard Tong, Suiqiang Deng and Alex Starov, "Meddler-in-the-Middle Phishing Attacks Explained," published December 21, 2022, accessed April 10, 2024.

    Back
  8. Robert Izquierdo, "5 Ways to Prevent a Man-in-the-Middle Cyberattack," published May 18, 2022, updated August 5, 2022, accessed April 10, 2024.

    Back
  9. Equifax, "Fraud and active duty alerts," accessed April 10, 2024.

    Back
  10. Experian, "Fraud Alert," accessed April 10, 2024.

    Back
  11. Transunion, "Fraud Alert," accessed April 10, 2024.

    Back
  12. Equifax, "Security Freeze," accessed April 10, 2024.

    Back
  13. Experian, "Freeze your credit file for free," accessed April 10, 2024.

    Back
  14. TransUnion, "Credit Freeze," accessed April 10, 2024.

    Back
  15. Federal Trade Commission (FTC), "IdentityTheft.gov," accessed April 10, 2024.

    Back
  16. FBI, "Internet Crime Complaint Center (IC3)," accessed April 10, 2024.

    Back