Individuals and organizations typically seek to protect their computing resources and computer networks from attacks by authenticating users during login sequences. For example, enterprise organizations may instruct employees to perform first factor authentication (e.g., password confirmation) upon attempts to log into enterprise computers. More sophisticated systems may use two-factor authentication, which bases authentication of the user on a combination of two different things. These two different things may be selected from something that the user knows, something that the user possesses, and something that is inseparable from the user.
Despite the use of traditional authentication procedures to protect computing resources, attackers are still succeeding in attacking and/or compromising some of these procedures. For example, attackers may perform a man-in-the-middle attack in which the attackers situate themselves between the user and the secure computing resources. The attackers then spoof the identity of the user by modifying network traffic between the user and the secure computing resources. In some examples, attackers have succeeded in performing man-in-the-middle attacks that overcome two-factor authentication procedures. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for detecting man-in-the-middle attacks.