What is a man in the middle scam?

Suppose Computer Medic wishes to send an email to the President of the United States. Meanwhile, Billy-Bob (the man in the middle)  wishes to intercept the conversation and to send a false email to the President relaying an entirely different message. You can see how this kind of eavesdropping can be really destructive especially when it comes to sensitive information.

How can this happen?

By default, when you send someone an email and they click Reply, the email address you sent the message from will get their reply. However, it can be modified so that so that when they reply, a different address will get their message. See where I am going with this? The “reply-to” e-mail addresses are spoofed by adding, removing, or subtly changing characters in the e-mail address that make it extremely hard to identify the perpetrator’s e-mail address from the legitimate email. Now the perpetrator is directly in contact with the unsuspecting victim and can advise any number of misleading instructions, including where to send payment to… and to no one’s surprise, right into the perpetrators hands.

Preventative Action

Don’t exchange sensitive information via email… EVER! Establish other communication channels, such as a phone call or in person meetings. If you are discussing private matters via email – do not use the “Reply” option to respond to e-mails. Instead, use the “Forward” option and either type in the correct e-mail address or select it from the e-mail address book to ensure the real e-mail address is used.