Understanding AiTM Phishing Attacks: A Guide for Regular Users
January 6, 2025
What is AiTM Phishing?

Adversary-in-the-Middle (AiTM) phishing is a sophisticated type of cyberattack where attackers intercept the communication between a user and a legitimate website. This allows them to steal sensitive information like passwords and session cookies, even if the user has enabled multifactor authentication (MFA).
How Does It Work?

In an AiTM attack, the attacker sets up a proxy server between the user and the website they are trying to access. When the user enters their credentials, the attacker captures this information and uses it to hijack the session. This means the attacker can access the user's account without needing to bypass MFA.
Why Should You Care?

AiTM phishing attacks are particularly dangerous because they can bypass MFA, a security measure many people rely on. Once attackers have access to your account, they can perform further malicious activities, such as business email compromise (BEC), where they use your email to trick others into transferring money or sharing sensitive information.
What is Chapman doing to protect you?

To protect users from this type of attack, we implemented a security measure that prompts the user to reauthenticate their 2FA/MFA if their sign-in behavior is suspicious, for example, when they sign in from a new location or their IP address travels a large distance in an impossible amount of time (atypical travel). This protects the user from stolen tokens: once the token is used by the hacker at their physical location, they would be blocked by the second MFA request.
Additionally, while we have a 30-day MFA reauthentication policy, if your sign-in behavior is suspicious, you will be prompted to reauthenticate sooner. This ensures that even if an attacker has your credentials and session token, they will be unable to access your account without passing the additional 2FA/MFA check.
Disclaimer: Those who use private VPNs with their Chapman credentials will receive an additional MFA request because the security system detects an abrupt change in location, similar to the behavior shown in AiTM phishing attacks. While this may be disruptive, remember that this is to protect our users and their sensitive information.
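The reauthentication rule described in the two paragraphs above (prompt for MFA again on a new location or on atypical travel), including the VPN side effect noted in the disclaimer, can be sketched as a small check over sign-in events. The code below is an added illustration written for this page, not Chapman's actual configuration or any vendor's product; the sign-in records, the known-country list and the 900 km/h plausibility threshold are constructed assumptions.

```python
import math
from datetime import datetime, timezone

# Constructed sample sign-in events (not real telemetry). Each record holds the
# user, a UTC timestamp, the geolocation of the source IP, and its country.
SIGN_INS = [
    {"user": "alice", "time": "2025-01-06T09:00:00Z", "lat": 33.79, "lon": -117.85, "country": "US"},
    {"user": "alice", "time": "2025-01-06T09:45:00Z", "lat": 52.37, "lon": 4.90, "country": "NL"},
    {"user": "bob", "time": "2025-01-06T08:00:00Z", "lat": 33.79, "lon": -117.85, "country": "US"},
    {"user": "bob", "time": "2025-01-06T18:00:00Z", "lat": 40.71, "lon": -74.01, "country": "US"},
]

# Assumed threshold: faster than an airliner means the two sign-ins cannot
# both be the same person travelling (a VPN exit node looks exactly like this).
MAX_PLAUSIBLE_KMH = 900.0

# Assumed per-user list of countries the account has signed in from before.
KNOWN_COUNTRIES = {"alice": {"US"}, "bob": {"US"}}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    earth_radius_km = 6371.0
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def evaluate(prev, cur, known_countries, max_kmh=MAX_PLAUSIBLE_KMH):
    """Decide whether this sign-in should trigger a fresh MFA prompt.

    Returns ("require_mfa" | "allow", [reasons]). A stolen session token replayed
    from the attacker's location fails one or both of these checks.
    """
    reasons = []
    if cur["country"] not in known_countries:
        reasons.append("new_location")
    if prev is not None:
        hours = (parse_time(cur["time"]) - parse_time(prev["time"])).total_seconds() / 3600
        km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
        if hours > 0:
            speed = km / hours
        else:
            # Two sign-ins at the same instant from different places: treat as impossible.
            speed = float("inf") if km > 0 else 0.0
        if speed > max_kmh:
            reasons.append("atypical_travel")
    return ("require_mfa" if reasons else "allow"), reasons


def evaluate_all(events, known=KNOWN_COUNTRIES):
    """Replay events in time order, comparing each sign-in with the user's previous one."""
    last_seen = {}
    decisions = []
    for ev in sorted(events, key=lambda e: parse_time(e["time"])):
        decision, reasons = evaluate(last_seen.get(ev["user"]), ev, known.get(ev["user"], set()))
        decisions.append((ev["user"], ev["time"], decision, reasons))
        last_seen[ev["user"]] = ev
    return decisions


if __name__ == "__main__":
    for user, when, decision, reasons in evaluate_all(SIGN_INS):
        print(f"{when} {user}: {decision} {reasons}")
```

In the sample data, alice's second sign-in appears in the Netherlands 45 minutes after one in California, which is both a new country and a physically impossible trip, so it gets a fresh MFA prompt; bob's cross-country sign-in ten hours later is plausible and is allowed. The same logic is why a private VPN trips the prompt: the exit node's geolocation produces the same jump as a replayed token.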
Please continue to report any suspicious or malicious messages by forwarding them as an attachment (Ctrl-Alt-F in Outlook) to abuse@chapman.edu.
Stay safe and secure!
Chapman University Information Systems and Technology (IS&T)