`Man-in-the-middle’ fraud: How to prevent it, who is at risk, and what to do when it all goes wrong
What is `man-in-the-middle’ fraud?
A form of fraud, colloquially known as a `man-in-the middle’ attack, has become increasingly common in recent months. Targets of a manin-the-middle attack range from individual consumers to large multi-nationals. The mechanism of the fraud is as follows:
A fraudster creates one or more email addresses that are visually similar to those of one party say, Party A to a legitimate commercial arrangement. For example, Party A’s email address might be `firstname.lastname@example.org’, so the fraudster might create the address `operalions@ partya.com’ (the difference here being underlined). The fraudster will then contact Party A’s counterparty say, Party B using the visually similar email address, misrepresenting himself to be Party A. The fraudster hopes that Party B will not notice the change in the email address (which is apparent on the face of the email received by Party B) and will instead simply press `Reply’ to the fraudster’s email. The fraudster can then continue to communicate with Party B, unbeknown to and to the exclusion of Party A. Generally the fraudster will seek to divert payments that Party B owes Party A and to abscond with those payments before either Party A or Party B realise that the third party was involved.