More generally, a man-in-the-middle attack involves an eavesdropper monitoring correspondence between two unsuspecting parties. But when this is done to steal credentials or other sensitive information, it becomes the next type of phishing in our series: a man-in-the-middle phishing attack.
These attacks are often carried out by creating phony public WiFi networks at coffee shops, shopping malls, and other public locations. It can be surprisingly simple to make the phony network lures and, once joined, the man in the middle can phish for info or push malware onto devices.
Man-in-the-middle phishing attacks should impress on us the importance of using good cyber hygiene when on public networks. Consider refraining from conducting highly sensitive work—like banking transactions, bill paying, or transferring confidential work documents—on public networks.
Tip: On most personal computers, especially those running on Windows operating systems, local file sharing is turned on by default. To prevent malware from being pushed to your device, toggle this setting to off when on unfamiliar networks.