Protect yourself from AiTM phishing scams 

Amanda Ross
Wednesday 24 July 2024

AiTM (Adversary-in-the-Middle) phishing is a sophisticated cyber-attack where criminals intercept and replay communication between you and a legitimate service, like your bank or email provider.  

What is AiTM phishing? 

These attacks trick you into giving away your login details and multi-factor authentication (MFA) codes, allowing attackers to access your accounts. 

How does AiTM phishing work? 

Here’s a simple breakdown of how AiTM phishing scams typically operate: 

1. Phishing email: The email looks like it's from a trusted source, such as the University or your bank. It often contains urgent language, prompting you to click on a link. 

2. Fake login page: The link takes you to a fake website that looks just like the real one and asks for your login details and MFA codes. 

3. Credential theft: When you enter your login information, the attackers capture it and use it behind the scenes to log in to the real website, pretending to be you. 

4. Access and exploitation: Once they have access, they can perform actions in your account such as transferring money, reading sensitive emails, or even locking you out of your account. 

How to protect yourself 

Tips to help you: 

  • Verify email senders: Always check the sender’s email address. Be cautious of emails from unknown sources or from addresses that differ slightly from official ones. 
  • Be wary of links: Hover over links to check where they lead before clicking. If the URL looks suspicious or unfamiliar, don’t click on it. 
  • Check the website: Ensure the website URL is correct and secure (look for “https” and a padlock symbol in the address bar). 
  • Use bookmarks: Access important websites by using bookmarks you’ve saved rather than clicking links in emails. 
  • Report suspicious activity: If you receive a suspicious email or notice something unusual, report it to the IT Service Desk. If it refers to your bank, contact them immediately. 

If you receive a suspicious email or are unsure, please report it to [email protected].   

If you have any questions or need further assistance, please do not hesitate to contact the IT Service Desk. 
