Security Awareness Information - Man in the Middle (MITM) Attack Against 2FA

In today's fast-paced world of technology, staying informed about cybersecurity threats and how to mitigate them is more important than ever. You wouldn't want your private information slipping into the wrong hands or onto an unauthorized hard drive. San Francisco State recently noticed an uptick in compromised university accounts across our campus between 2022 and 2023. The total number reported rose from 68 to 431. To protect yourself and the campus, familiarize yourself with cyber criminals' various phishing methods.

One tactic is known as the "Man-in-the-middle" (MITM) attack. Often, these criminals will clone a website to mimic an SF State or other recognizable site and trick end users into clicking on links that may install malware to compromise and steal sensitive data. In this approach, hackers create fake URLs that closely resemble the victim's intended destination. For example, the URL could be slsu.edu instead of sfsu.edu, a small change that is easy to miss unless you pay close attention. The phisher uses the fraudulent URL to intercept the network communication between the victim's computer and the web server. The criminal then has access to the user's username and password as they are entered into the website.

 

[Figure: MITM Attack]

 

What You Can Do

So, what can you do to help mitigate these types of security risks and stop compromised accounts? ITS has assembled some tips and tricks to help you stay aware, vigilant, and one step ahead of cybercriminals. Enabling Two-Factor Authentication (2FA) adds an extra layer of security to the sign-in process for your online accounts and services. Remember that you must still be vigilant in protecting yourself, even when using 2FA. Scammers can still hack into your online accounts if you fail to pay close attention. Familiarizing yourself with best practices can help fight the spread of compromised accounts and ensure a positive security posture at SF State.

Be vigilant and help protect yourself with the following actions:

  • Do not click on links or attachments from senders you do not recognize.
  • Educate yourself about all phishing attack approaches here: https://its.sfsu.edu/guides/phishing
  • If you can't tell if a message is legitimate, please forward it to abuse@sfsu.edu for inspection, or use the "Report Phishing Button" in Outlook.
  • Use a Virtual Private Network (VPN) when using public Wi-Fi networks.
  • Never connect to an unknown network or hotspot.
  • Use a password manager that will only autofill credentials if there's an exact URL match. 
  • Do not provide sensitive personal information (like usernames and passwords) over email or text.
  • Do not assume that a message from a "sfsu.edu" email address, or a text message claiming to be from an SF State employee or student, is safe, especially if it asks for compensation (cash, credit card number, wire transfer, etc.).
  • Your SF State username and password combination should be unique to SF State and not used anywhere else. Do not re-use your SF State username and password combination on other services such as Facebook, online banking, TikTok, etc.
  • Watch for unusual activity on both your phone and email account.
  • If you notice anything suspicious, contact the ITS Service Desk by emailing service@sfsu.edu, calling 415-338-1420, or submitting a ticket online.
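
The exact-match rule from the password manager tip, shown as an added example (not ITS code or any particular product's logic): a credential saved for one site is released only when scheme, host and port all match, so the slsu.edu look-alike described above gets nothing. The saved login URL, the page URLs, the `checkAutofill` name and the two-typo threshold are assumptions made for illustration.

```javascript
// Added example; the saved login URL and the page URLs below are constructed.

// Parse a URL, returning null instead of throwing on malformed input.
function parse(raw) {
  try {
    return new URL(raw);
  } catch {
    return null;
  }
}

// Levenshtein edit distance between two hostnames (two-row dynamic programme).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Decide what to do with a saved credential on the page the user is viewing.
// Only an exact origin match (scheme + host + port) results in autofill.
function checkAutofill(savedUrl, pageUrl, maxTypos = 2) {
  const saved = parse(savedUrl);
  const page = parse(pageUrl);
  if (!saved || !page) return "invalid-url";
  if (saved.origin === page.origin) return "autofill";
  if (saved.hostname === page.hostname) return "refuse-scheme-or-port-differs";
  if (editDistance(saved.hostname, page.hostname) <= maxTypos) return "refuse-lookalike-host";
  return "refuse-different-site";
}

const SAVED = "https://sfsu.edu/login"; // constructed saved entry
for (const url of [
  "https://sfsu.edu/login?next=/home", // same origin, different path and query
  "https://slsu.edu/login",            // look-alike host from the text above
  "http://sfsu.edu/login",             // same host without HTTPS
  "https://example.org/login",         // unrelated site
]) {
  console.log(url, "->", checkAutofill(SAVED, url));
}
```

A missing autofill prompt on a page that looks like the SF State login is therefore a signal to stop and check the address bar before typing anything.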

 

 

Thank you for your attention to this matter and for being careful to protect your data at SF State.