Man-in-the-middle attack

This is where an attacker re-directs a victim’s web traffic (perhaps by modifying DNS settings or modifying the hosts file on the victim machine) to a spoof web site. The victim believes they are connected to their bank’s web site and the flow of traffic to and from the real bank site remains unchanged, so the victim sees nothing suspicious. However, the traffic is re-directed through the attacker’s site, allowing the attacker to gather any personal data entered by the victim (login, password, PIN, etc.).