A computer-implemented method for detecting man-in-the-middle attacks may include (1) registering a mobile device of a user within a computing environment as an authenticated mobile device that corresponds to the user, (2) receiving an authentication request to log into a secure computing resource as the user, (3) transmitting, in response to receiving the authentication request, an out-of-band push authentication prompt to the registered mobile device of the user through a different channel than a channel through which the authentication request was received, (4) comparing a geolocation indicated by the authentication request with a geolocation indicated by the registered mobile device, and (5) performing remedial action in response to detecting a man-in-the-middle attack based on a determination that the geolocation indicated by the authentication request and the geolocation indicated by the registered mobile device do not match. Various other methods, systems, and computer-readable media are also disclosed.