An attacker sets up a man-in-the-middle phishing site and reverse proxy server, then sends a phishing email.

Does the end user detect the phishing attempt?

Yes

The user ignores or reports the phishing email.

Attack Fails

No

The victim clicks the link in the email and inputs their credentials into the phishing site.

Does the company use MITM phishing detection software?

Yes

Warning message alerts the user to the scam.

The user heeds the warning, and the attack fails.

Attack Fails

No

The reverse proxy server captures the user credentials, forwarding them to the legitimate company site. The company uses MFA and sends an OTP to the user.

The consumer enters the OTP into the phishing site.

The reverse proxy server forwards the MFA token to the legitimate website. The attacker logs into the user’s account.

Attack Succeeds

The attacker can now drain the account, apply for loans, harvest personal information, or carry out other heinous activities.

Malicious players are bypassing MFA. Your company requires an additional layer of security. Man-in-the-middle detection systems like Arkose Bot Manager detect, alert and block dangerous MITM phishing attack campaigns.
