Byte Me Article 345 – Man In The Middle Attack

25th November 2017

Don’t Become Next Victim

Several weeks ago I wrote an article mentioning another form of Internet scam called ‘a man in the middle attack’.  These are becoming more prevalent and as such this topic deserves further examination.  These attacks are more relevant to businesses and can cost a lot of money which is not recoverable.

The classic man in the middle attack mostly occurs when someone is able to hack your email account or to a lesser extent the email account of someone who supplies you with goods or services.  Hacking an email account gives a 3rd party access to all of your incoming emails and often to all of your sent emails as well.  They can be getting copies of all of these emails without your knowledge.

Once a 3rd party is able to intercept your emails then they can delete an email sent to you from a supplier and change an attachment such as an invoice to reflect their own banking details.  They can then send this changed invoice on to you as though it came direct from your supplier.  You pay it and by the time you realise what has happened it is too late to get the money back.

Email accounts get hacked for various reasons and as an example all Yahoo email accounts were subject to a mass hacking in 2013 where some 3 billion accounts worldwide were breached.  However the most common reason for being hacked is one that we have control over and that is our own email password strength.  This needs urgent consideration.

Every email account in the world has an associated password, but if this password is simple such as abc123 or related to your name such as johnsmith then it offers very little security.  However the password joHn5M!th offers very good protection.  My way of thinking suggests that if you don’t have to initially write your password down somewhere to remember it then it is NOT secure enough!

Keep in mind that many Internet connections and email accounts share the same password.  As an example if I had an ADSL connection with BigPond and my email address was [email protected] then the password for both of these is normally the same.  This is important information if you are changing your password as any change will need to be reflected in several spots.

In the case above I would need to change the password on the BigPond site, change the password in my ADSL router, change the password in my email program (such as Outlook) on my PC and change the password on my smart phone & tablet if they are also receiving a copy.  There are plenty of articles on the Internet about where & how in these devices to enable this change.

Another tip is that if all of a sudden the banking details change for one of your suppliers or often paid entities then feel free to ring them directly and ask if they have indeed implemented this banking change themselves.  We have seen some huge amounts of money go missing through this scam and there is no insurance against it or reimbursement from the banks.

It is also a good idea to change your email password every year and especially right now if it is a simple phrase.  If any of the material in this article worries you and you are not sure how to make these changes then please feel free to contact us. 

Future Byte Me topics can be emailed to [email protected] and Bruce is contactable at Kerr Solutions, 205 Musgrave Street or on 49 222 400.

For more advice and assistance from Kerr Solutions, like and follow us on Facebook