A scammer typically contacts a target and strives to project an image of someone who has it all together financially and socially, claiming to be a successful entrepreneur or something similar. Or scammers may claim to be facing adversity, claiming they are widowed, down on their luck, or, like many, simply lonely. This is a strategy that has worked in the past.

Follow these tips to prevent getting scammed:

#1 Unless this person becomes an actual significant other, never give out personal information like passwords, credit card numbers or Social Security numbers.

#2 Know that bad guys lie, a lot. And they will keep up the ruse until they have what they need or until you are in a vulnerable place. Pay attention to their intentions.

#3 Get their name, address, previous address, home phone, cell phone, place of birth, birth date, where they work, license plate and if you can squeeze it out of them, and I kid you not, get their Social Security number and do a background check.

#4 Go online and Google search every bit of information about them you have acquired. You want to know as much about this person as possible. Search name, phone, email and screen name. The goal is to look for truth and lies. If you see inconsistencies, or red flags that can’t be easily explained, run really fast.

#5 Never open attachments from anyone you don’t know well. And if you can avoid it, don’t click on links they send. Scammers will think nothing of sending you a virus to infect your PC and steal your identity.

Robert Siciliano personal and home security specialist toHome Security Source discussingInternet Predators on Fox Boston

Wi-Fi: freedom to connect wherever and whenever. And there is no better Wi-Fi than free Wi-Fi, unless we are talking “secure Wi-Fi” which usually isn’t free. Wi-Fi is great for bringing in customers and it’s a great promotional tool that creates customer loyalty. Merchants such as hotels, coffee shops, burger joints and just about anyplace with a store front, chairs and tables is offering free Wi-Fi.

But what about all the Wi-Fi security threats?

More and more internet savvy people realize that there is less and less anonymity on the web. This means that a criminal who operates from home or work can be detected via his IP address much easier. One way to avoid detection is to show up you’re your place of business and blend in with the connected crowd.

Criminals use free Wi-Fi for:

Pirating: Downloading stolen music, movies and software via Peer to Peer programs is big and costing the entertainment industry billions. The RIAA and MPAA don’t like this and will often crack down on whoever is connected to the IP address associated with the illegal downloading.

Child Porn: The long arm of the law is often spending time in chat rooms posing as the young and vulnerable and chatting it up with pedophiles who exchange in child pornography. Wouldn’t be cool if the FBI to came knocking.

Hacking: Hackers will hack others on the free Wi-Fi network in order to steal usernames, passwords and account information.

Secure Wi-Fi

Creating a secure Wi-Fi that requires a user name and password to join. This may not prevent all kinds of e-crimes but it’s a start to improve your Wi-Fi network security. Charging even a dollar may get a credit card number on file and would mostly eliminate anonymity.

Web filtering: Your IT security vendor has tools similar to what a corporation may have in place that filters out known websites and prevents the sharing of Peer to Peer files.

Confirm you are on a business account: Many small businesses may set up under a personal account because it might be a bit cheaper. But that personal account doesn’t enjoy some of the protection and indemnities that a business account would.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Massachusetts has one of the most stringent data protection laws on the books. Businesses are required to disclose data breaches, and companies are now reporting when even a single individual’s information has been compromised.

Despite strict laws and security requirements, companies are continually being hacked in record numbers. And if major businesses still being hacked despite allocating significant resources to securing their data, you’re more than likely at least as vulnerable.

The Boston Globereports, “Personal information from nearly one out of three Massachusetts residents, from names and addresses to medical histories, has been compromised through data theft or loss since the beginning of 2010, according to statistics released yesterday by the office of Attorney General Martha Coakley.”

Facts:

• Since January 2010, 1,166 data breach notices have been filed
• 480 of those breaches occurred between January and August of 2011
• 2.1 million residents were affected
• 25% involved deliberate hacking of computer systems containing sensitive data

This is just Massachusetts. Every other state is experiencing the same thing. According to Juniper Research, in the past year, 90% of organizations have suffered from some form of data breach. Since the start of 2011, there have been 365 data loss incidents involving 126,727,474 records around the world.

Keeping PCs and Macs updated with antivirus and anti-spyware software is fundamental, as is updating all critical security patches. You should also have a two-way firewall monitoring incoming and outgoing traffic, and strong passwords that combine upper and lowercase letters, numbers, and preferably other characters.

Robert Siciliano personal and home security specialist to Home Security Source discussing identity theft on YouTube.

There are generally 2 types of financial identity theft. New account fraud and account takeover.

New account fraud Identity theft can occur when someone opens a new credit card in your name, maxes it out, and doesn’t pay the bill.

Account takeover Identity theft can also occur when a bad guy gets your information, uses it to take over your existing credit or bank accounts, and drains your funds.

But then there is “ghosting”. ID fraud happens when new accounts are opened under names and identities that have been entirely fabricated when thieves easily create fake Social Security numbers.

Here’s how it works. Our system of credit requires a Social Security number as the first and foremost identifier. Lenders issue credit based entirely or almost entirely on the history associated with an applicant’s Social Security number.

When a creditor issues credit based on these invented numbers and reports that information to the credit bureaus, the Social Security numbers become active identifiers that other creditors will recognize in the future. The thieves, now equipped with functional Social Security numbers, can use them to open numerous new accounts.

That first creditor who issued credit to a ghost identity with a newly created Social Security number may have had someone on the inside of the credit issuing organization submitting fraudulent payment or loan information in order to legitimize the fake number.

Businesses who issue credit may unknowingly facilitate these scams if they have employees on the inside who manipulate the system. Never leave employees unsupervised without some form of redundant checks and balances system in place. At least run Social Security numbers through the Social Security Administrations Verification Service to prevent Identity theft. Business scams like these eat at the foundation of credit and cost companies and consumers billions a year.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Nearly three-quarters of Americans have never installed data protection applications or security software on their mobile devices to prevent data loss or defend against viruses and malware. 72% of us have unsecured smartphones, to be exact, even though we are using them more frequently in our digital lives.

A recent survey shows that 44% of Americans use smartphones to access the Internet, and 75% say they access the Internet more frequently on their device today than they did one year ago.

Digital research firm comScore found that close to 32.5 million Americans accessed banking information via mobile device at the end of the second quarter of 2011, a 21% increase from in the fourth quarter of 2010. Approximately 24% of consumers store computer or banking passwords on their mobile devices, according to Consumer Reports’ 2011 State of the Net Survey. More than half of smartphone users do not use any password protection to prevent unauthorized device access. And according to Gartner, 113 mobile phones are lost every minute in the U.S. alone.

With unit sales of smartphones and tablets eclipsing those of desktop and laptop PCs, cybercriminals will continue setting their sights on mobile, and increased mobile Internet use will continue exacerbating security and data breach issues.

Protect yourself:

Use mobile security software and keep it current. Having complete mobile security protection like that offered in McAfee Mobile Security is a primary safety and security measure.

Automate software updates. Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.

Protect all devices that connect to the Internet. Along with computers, smartphones, gaming systems, and other web-enabled devices also need protection from viruses and malware.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

For some, Valentines means they might be lonely. I’ve been there, and I know many who are there now. That loneliness can distort your perspective in a way that trumps common sense. This leads people to make badly considered decisions that only worsen their circumstances. Unfortunately, scammers use this raw emotion as leverage on online dating websites and social media.

These scammers are like loneliness relief valves. In a way, they provide a different perspective by making baseless promises that they never intend to fulfill. In the end, victims end up emptying their bank accounts.

The key to be safe and secure is awareness of yourself and your emotions and the intentions of others who contact you.

Don’t be an online dating statistic. Follow these tips:

#1 Look for red flags. If you are contacted online and they make no reference to you or your name, it may be a “broadcast” scam going to others.

#2 If they immediately start talking about marriage and love and showing immediate affection run really fast.

#3 Anyone asking for money for any reason is a con-man. Never under any circumstances wire money, send checks, cash etc.

#4 When communicating with someone online and it seems it takes days for them to respond, this may be a sign they are married.

#5 When communicating with a potential mate via online dating or even in the physical world, please do not give up any information to them until you are entirely sure they are “good”.

Robert Siciliano personal and home security specialist to ADT Home Security Source discussingGPS Dating Security on Good Morning America.

You may recall the story about Colton Harris Moore who as a teenager was busted for committing over 100 burglaries in the Pacific Northwest. He stole cars, speedboats and airplanes and is known as the “Barefoot Burglar” because he kicked off his shoes running from the police through the woods.

Last summer he signed a movie deal to make $1.3 million with 20th Century Fox. However he won’t earn any money from this, as all the funds will go to restitution.

After 2 years of running, he was busted in a chase that involved police, boats and bullets. Most of these stories usually end up in the perpetrator being dead. But this now 20 year old will live to tell another tale, from prison. He was recently sentenced to 7 years in state prison and pleaded guilty to numerous charges including burglary and identity theft.

In sentencing the judge was quoted saying “This case is a tragedy in many ways, but it’s a triumph of the human spirit in other ways, I could have been reading about the history of a mass murderer. I could have been reading about a drug abusive, alcoholic young man. That is the triumph of Colton Harris-Moore: He has survived.”

He survived and left many victims behind. He destroyed thousands of dollars in cars, airplanes and boats. He stole everything from food to cash and jewelry, electronics and clothing. As “romantic” as his story is, the victims of his crimes will never feel the same way again in their own homes.

Lock your doors and windows

Install a monitored alarm system. Consider ADT Pulse.

Give your home that lived in look

Leave the TV on LOUD while you are gone

Install timers on your lights both indoor and outdoor

Close the shades to prevent peeping inside

Use defensive signage

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News.

Imagine your body being targeted by 75 million viruses. That is exactly what’s happening to your digital devices. Laptops, desktops, netbooks, notebooks, Macs, iPads, iPhones, BlackBerrys, Androids, and Symbian mobile phones are all being targeted. The most recent threats report from McAfee Labs reveals a grim outlook and a variety of threats.

Mobile: Android has become the most popular platform for new malware, and this past quarter, was targeted exclusively by all new forms of mobile malware. The Symbian OS (for Nokia handsets) remains the platform with the all-time greatest number of viruses, but Android is clearly today’s main target.

Malware: Rootkits, or stealth malware, are one of the nastiest threats we face. They are designed to evade detection, and thus are able to lurk on a system for prolonged periods. Fake AV, also known as fake alert or rogue security software, has bounced back strongly from previous quarters, while AutoRun and password-stealing Trojans remain at relatively constant levels. Mac malware continues to show a bit of growth as well.

Spam: Although spam volume has decreased significantly, McAfee Labs has observed major developments in targeted spam, or what’s often called “spear phishing.” Much like malware, total numbers are dropping but the severity of the threat and sophistication of the technique remain high.

Social engineering: Subject lines used for social engineering spam messages vary depending on geography and language. Bait can include holidays or sporting events, and often differs by month or season. Attackers have shown remarkable insight into what works for specific people at specific times.

Spam botnets: New spam botnet infections continued steadily from February through August of 2011, but dropped somewhat in September.

Bad URLs: Website URLs, domains, subdomains, and particular IP addresses can be “bad” or malicious, either because they are used to host malware, phishing websites, or potentially unwanted programs.

Phishing websites: McAfee identified approximately 2,700 phishing URLs per day during the second quarter of 2011, a slight decrease from the same period in 2010, when they counted 2900 per day.

Robert Siciliano personal and home security specialist to Home Security Source discussing identity theft on YouTube.

Pretty Good Privacy (PGP) “is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security of e-mail communications.”

Say you have a manufacturing plant in China that makes a one of a kind widget and you have a U.S patent that you don’t want other companies stealing. Every so often you must send an email back and forth to your man of the ground in Beijing to update the specs and ways in which that product is to be created. You know that if your emails are intercepted that it’s just a matter of time before a cheap knockoff comes on the market and kills your business. So, you better learn how to encrypt email.

This is where PGP email encryption comes in.

#1 There are PGP key generators online and others available in purchased or open source software. To create a PGP key you will plug in your email address and provide a password. Your security vendor can point you in a direction. Or go here to generate a PGP key.

#2 PGP keys are public and private. Your public key is posted to your website or contained in your email. People use this key to send you encrypted emails. The private key is kept private. My public key looks like this:

—–BEGIN PGP PUBLIC KEY BLOCK—–

mI0ETt1GvAEEAInk6+FnNbDug/VTJTqladmbymCx3Oh3LT/YQpB1/j8PavNAAhtr

nC5dwhludRTE2bAG28ZcPkK5j8aRZTYTmSpCjUOfwNRaIott0L4SKSgLbkUWDfim

pbEOTLN9eTmStNispjWVdmP099t5SJqsGvkPBhCxLHOCxxPae0037Lb1ABEBAAG0

FnJvYmVydEByb2JlcnRzaWNpbGlhbm+InAQQAQIABgUCTt1GvAAKCRDVXcwnBdX+

k3poA/93D0usqCSemcf0jE8BMUlqIHxdblH7eH4IXngjV+bgfZxeX6pK6BuxMghN

6NaX8VqOHV574MctAnxVkGqqjJH4jALQn+ExoG9YFh004UK46pa4BCoh+xkD72zu

dGm3I3xVjj7g3e7XJ0R7aVDStK1s+7izd00PzbJP9xDI9MqJUA==

=22J2

—–END PGP PUBLIC KEY BLOCK—–

#3 When receiving an encrypted email you plug in your private key that looks a lot like a public key and include the password.

Find here a cool free online tool that generates PGP keys for fun and lets you see how PGP email encryption is done.

Caution: I’m not sure of what’s going on in the background of this site so I can’t recommend using this key generator for ongoing secure use.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

The Privacy Rights Clearing house currently tallies 542,608,451 records breached in the past 5 years. Unsecure email certainly contributes to the problem. Small business email (or any email) starts off on a secure or unsecure wired or wireless network then travels over numerous networks through secure or unsecure email servers often vulnerable to people who are in control of those servers.

There is also plenty of hacking and cracking tools bad guys (and good guys) use to sniff out that data in plain text.

With criminal hackers, government funded hackers and the various other snoops, email encryption today is essential.

In a recent study by Ponemon Institute, the latest U.S. Cost of a Data Breach report, which was just released today, shows that costs continue to rise. This year, they reached $214 per compromised record and averaged $7.2 million per data breach event. The fact is that individuals still care deeply about their personal information and they lose trust in companies that fail to protect it.

If your business operates under some form of regulation whether it is finance, healthcare, or any other regulation where fines are imposed in the event of a data breach, then email security should be a fundamental layer of your company’s information security protection plan. Plain and simple if you are concerned about compliance with regulations like HIPAA and the HITECH Act and the numerous state data breach notification laws look to email encryption.

At its basic level PGP encryption is one way to provide email encryption. More on that in the next post.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures