Cyber Doc logo Cyber Doc
Cybersecurity Term

What is a man-in-the-middle attack?

When an attacker secretly places themselves between two parties to observe or alter communication.

Network Security Last reviewed: 2026-05-20

← Back to Learn Centre

What is a man-in-the-middle attack?

A man-in-the-middle attack happens when an attacker secretly positions themselves between two parties to observe or manipulate communication.

Simple example

A user connects to a fake Wi-Fi network and the attacker intercepts traffic or redirects them to fake pages.

Why it matters

These attacks can expose credentials or sensitive information if connections are not properly protected.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Use HTTPS and avoid ignoring browser certificate warnings.
  • Use trusted Wi-Fi networks.
  • Use VPN where appropriate for untrusted networks.
  • Keep devices updated.
  • Train users about fake Wi-Fi and certificate warnings.

Reactive steps

  • Disconnect from the suspicious network.
  • Change passwords from a trusted network and clean device if credentials may be exposed.
  • Check account activity.
  • Report suspicious Wi-Fi or certificate prompts.
  • Review whether sensitive information was transmitted.

Related terms

  • Rogue Wi-Fi
  • DNS spoofing
  • Network security