MISSISSIPPI STATE – In a world where technology is always advancing, consumers must know how to keep their online information safe.

Internet hacking and phishing scams are becoming common problems. Having a secure password and knowing what to do if an online account is compromised will help consumers protect themselves from financial loss.

Randy Loper, head of the Mississippi State University Extension Service Center for Technology Outreach, explained how hackers can gain access to different accounts through a brute-force method.

“When you go to a webpage that asks for a password, the computer converts your password into a fixed-length string of numbers, letters and symbols called a hash key,” Loper said. “The computer compares it to a hash key already stored when the password was originally established. If the two match, then you are allowed in.”

Loper said hackers can sometimes steal the hash key from the host system and use a computer program to search millions of combinations of words, letters and symbols until it finds a match for the person’s hash key. Once they have found the matching key, they can access the account.

“The only thing a user can do to protect them from this type of attack is to create a sufficiently long, complicated password and avoid using the same password across multiple accounts,” Loper said.

Having a high-security password can keep these computer programs from gaining access to consumer’s accounts. Roberto Gallardo, an Extension associate professor, suggested ways of creating a high-quality password.

“A good way to generate a combination of passwords that are somewhat easy to remember is to use a phrase and then substitute different elements,” Gallardo said. “For example ‘work is good’ can become W0rk1sG00d or w0rk!sGoo8.”

Some tips for creating a password are to use upper and lower case letters, numbers, and symbols; have a password that is 12-15 characters long; do not make passwords personal, such as a name; and change passwords periodically.

Along with stealing passwords, hackers also employ phishing scams. In phishing scams, a hacker pretends to be someone else, such as a bank, credit card company or social media site, and sends an email soliciting personal information from the recipient. The links inside the emails send the user to a malicious site, though the site appears to be legitimate.

“Never click on a link inside an email that takes you somewhere to enter personal information,” Loper said. “Credible companies no longer ask for personal information through emails.”

Consumers who fall for a phishing scam should change their email account’s password immediately. Phishers can sometimes take up to 24 hours to take over an account.

“If you fix the problem immediately, you can sometimes prevent the damage,” Loper said.

Employees who fall for a phishing scam, especially when using a business email address, should report the problem immediately to their technology support department. If a hacker is using a company’s email address to send out spam, it can affect all other users on the system.

“Sometimes an entire email system can be blacklisted and no one in the system will be able to send out emails, because the system will be marked as a spam machine,” Loper said.

For more information on internet security, contact Randy Loper at 662-325-3226 or randyl@ext.msstate.edu.

Writer: Brittnie Burton