What you need to know about Phishing.

General Derek Cole 29 May

Published by FCT

Phishing attacks are among the most common methods used by cyber criminals to steal personal information. Surprisingly, many people are unaware of just how much of a threat these attacks pose. In essence, phishing attacks use a malicious email or website (designed to mimic or replicate real, reputable entities) to trick a person into divulging private or personal information such as usernames and passwords. They may vary in sophistication and plausibility, but the purpose of the attacks is invariably the same.

Alarmingly, while they were once easily identifiable by even passingly-competent tech users, modern phishing attacks are incredibly convincing. Combined with the sheer volume of digital media we use on a daily basis—social media, work and personal email, subscription services to name a few—we’ve never been more likely to inadvertently fall prey to an attack. With that in mind, it’s more important than ever to be informed about phishing and all the forms it can take, and here’s what you need to know.

how phishing used to be done

Phishers use social engineering, particularly by leveraging fear, to trick people into clicking on fake links. Usually, this would allow scammers to steal things like login credentials to access funds (from your bank) or personal details to apply for credit cards etc.

You’re likely already familiar with what a phishing email looks like. Odds are, you’ve seen highly suspect notices crop up from (purportedly) the CRA or any number of banks, threatening immediate legal trouble or termination of your account unless you verify your details immediately. Full of poor grammar and misspellings, these kinds of emails tend to undermine their own credibility, which is sometimes done deliberately to identify the perfect targets.

In any case, the conventional phishing email or message usually contain a number of common traits, including:

  • the aforementioned poor grammar
  • strange or infrequent senders
  • attachments, especially in cases where the information could (logically) have been in the body of the message itself
  • generic greetings (“Dear Friend”)

However, not all phishing is directed at a recipient. Some types, like “watering hole” attacks, use vulnerabilities or flaws on websites frequented by their target groups to steal information. Typically, they exploit these vulnerabilities to install malware or to create credible-looking pages (on a real website) which can dupe unsuspecting site visitors. More insidiously, they use the websites’ actual email notifications or newsletters to direct people to compromised sections where they may be exposed to “drive-by download” attacks. This, of course, makes them especially hard to detect and safeguard against.

how it’s evolved

Phishing still leverages social engineering, but has added “annoyance” alongside “fear” to the selection of emotions the attempts are designed to exploit. If you’ve ever suddenly been spammed with a barrage of newsletters or cc’d emails that you never signed up for (or received before), there’s a good chance you’ve been targeted in the hopes that you’ll be annoyed enough to try to unsubscribe using their (malicious) link without paying too much attention.

In fact, the aforementioned “drive-by download” attacks are great examples of how far phishing tactics have come. In essence, this kind of attack installs malicious programs on your computer without your consent when you visit a compromised website or open an infected attachment in an email. Moreover, victims are usually unaware that they’ve been attacked at all. Stealing credentials at an individual level is no longer the ultimate end of phishing; rather, those credentials are now used to get close to someone else that’s more valuable, or to install malware which can be used to compromise your organization!

Which brings us to: “spear phishing” and “whaling”, the evolution of the phishing email. While regular variants are still common, phishers are increasingly taking a much more targeted approach with their attacks. Instead of relying on the high-volume mass email approach, they’re now dedicating time and effort to creating very convincing and functionally undetectable phishing emails specifically targeted to a specific individual or organization—something known as “spear phishing”.

This is particularly prevalent in the corporate sphere, where strategic employees or senior executives are singled out as ideal victims. Similarly, “whaling” attacks carefully construct bogus messages to look like they originated from a superior or someone highly-placed in a company or organization in order to trick the recipient into complying.

While the specifics of the attack types differ slightly, the common underlying factor is the extra effort spent by phishers on researching details about their targets in order to make their attacks look legitimate and convincing. If you’re still working under the assumption that phishing is a low-effort, easily-spotted tactic you may find yourself taken completely unawares by a sophisticated message.

Even worse: you might not even notice you’ve been the victim of an attack! For example: following a successful dupe, you’ll usually be redirected to the legitimate site you thought you were accessing, in the hopes that you won’t notice that you’ve accidentally divulged your login information to a scammer.

how to protect yourself

With myriad ways for scammers to target you, it’s understandable if you feel like trying to protect yourself from phishing attacks is a futile endeavour. However, that’s not the case at all. Now that you have a reasonably good handle on just how far (and convincing) phishing attempts can be, you can cultivate a healthy amount of skepticism for any messages, links, or requests that seem even a little out of the ordinary while being very protective of your login credentials, passwords, and user details.

In addition, there are also straightforward measures companies and individuals can employ to thwart phishing attempts, such as:

  • Automatically flagging “out-of-organization” emails, or emails from infrequent senders. Harmless emails flagged by these systems will reveal as much from a quick read, but the simple addition of these flags can undermine even an authentic-looking phishing attempt (for example: why is an email from your manager asking you for confidential information being sent from a random gmail address instead of the usual office address?).
  • Implementing a phone call or in-person approval for large transactions or major decisions. This is particularly useful in the case of whaling attacks—companies should encourage their employees to be extra certain when performing certain transactions or making major changes, especially if it prevents loss of funds or data on a massive scale. A simple phone call or verbal check can quickly unravel a carefully-constructed whaling attempt.
  • Being aware of your personal information that’s publicly-visible. If you haven’t yet, this is a great time to go through your social media and prune details such as your date of birth, education details, etc. At the very least, you should set them to only be visible to trusted friends, family, and associates. After all, those details can be used to brute force your passwords or bypass your security questions to gain access to your accounts.

Knowing when and how you can be targeted by cybercriminals will go a long way to ensuring that you won’t fall prey to their tactics. It’s a bit of a tired old saying, but knowing really is half the battle here—proper countermeasures are the other!

Airline Travel tips.

General Derek Cole 22 May

Written by Derek Cole

Been somewhere lately?  For most people, travel has been something they have have been waiting for since late 2019.  It’s official!  Travel is back baby… until the next shutdown.  Hopefully that doesn’t happen, but I feel like I cant make such a generalized statement without some sort of disclaimer.   Moving on. The line’s at airports are brutal now.  Even worse than pre 2019 due to staffing and other issues.  If you’re not at the airport at least 3 hrs early you are at risk of missing your flight.  So what can you do to increase your chances of success?

  1. For travel to and from the USA get a nexus card. They are free for those under the age of 18.  $50us for adults.  A little bit of pre-planning and paperwork and you can breeze through those long security lines with a smile on your face.
  2. Check in online.   Yes there is still a line to drop the bags off, but the line generally moves fairly quick.  Because your baggage tags are printed at a mobile station you don’t have to spend hours waiting for those who are less organized than you.  If you can cram all your swimsuits into a carryon, even better.
  3. Sit in the Emergency exit row.  If, like most people you cant afford business/first class. Exit row is the next best thing.  Not only do you get more leg room, you also (airline depending) will be allowed to board the aircraft first.  This means you know that you’re carry on luggage will be near you.  Do you like to recline your seat? Make sure you choose the back row if there is more than one EE row.  In the front row the seats don’t recline but have all other perks.
  4. If you need to park a car. Call around to some local airport hotels.  Lots will offer free parking for the duration of your trip if you stay the night before leaving.  Not only would this potentially save you money in parking, you will also have access to a free shuttle. Then you can get a good nights sleep and wake up more organized, rested and overall start your trip with a clear mindset.
  5. Relax, be prepared.  The more prepared you are the better things will go.

Lastly remember the journey is still part of the trip.  Making the best of it will automatically add 2 days to your already short vacation. Lastly, I want to leave this little gem for those that made it till the end.   If you check in with less than 24hrs till departure on some airlines you can select your seat for free!  This includes the emergency exit row.  Fly Safe!

 

Investment Properties.

General Derek Cole 15 May

So, you are looking to purchase a second property! Congratulations! This is a great opportunity for you to expand your financial portfolio and ensure stability for the future. However, before you launch into this purchase there are a few things you should know, depending on which type of second property you are looking to purchase.

SECOND PROPERTY WITH INTENTION TO RENT

Buying a property for the purpose of renting it out to someone else comes with different qualifying criteria and mortgage product options than traditional home purchases. Before you look at purchasing a rental property, there are a few things to consider:

  1. The minimum down payment required is 20% of the purchase price, and the funds must come from your own savings; you cannot use a gift from someone else.
  2. Only a portion of the rental income can be used to qualify and determine how much you can afford to borrow. Some lenders will only allow you to use 50% of the income added to yours, while other lenders may allow up to 80% of the rental income and subtract your expenses.
  3. Interest rates usually have a premium when the mortgage is for a rental property versus a mortgage for a home someone intends on living in. The premium can be anywhere from 0.10% to 0.20% on a regular 5-year fixed rate.

Rental income from the property can be used to debt service the mortgage application, but do bear in mind that some lenders will have a minimum liquid net worth requirement outside of the property. Also, if you do eventually want to sell this property it will be subject to capital gains tax. Your accountant will be able to help you with that aspect if you do decide to sell in the future.

VACATION PROPERTY

While vacation properties are not always the perfect investment, they are popular options for people who want to get away from it all and build memories in! If you’re motivated to head down that road, buying a vacation property is essentially like purchasing a second home.

If you are considering buying a unit within a hotel as a vacation spot (known as “fractional ownership”), it is important to note that if there is any mention of using your vacation home to provide rental income it will be treated like an investment property.

SECONDARY PROPERTY

Most people are trained to stay out of debt and don’t tend to consider using the equity in their home to buy an investment property, but they haven’t realized the art of leveraging. If you’re using equity from your primary residence to buy a secondary property, keep in mind that the interest you’re using is tax deductible. Consider that you’re buying an appreciating asset, and if you put a real estate portfolio and a stock portfolio side-by-side, they don’t compare.

WHO IS A GOOD CANDIDATE?

You might be surprised to learn that you don’t need to make six figures to get in the game. Essentially, you just have to be someone who wants to be a little smarter with their down payment. Before taking on a secondary property remember that the minimum down payment is 5% of the purchase price – unless you are intending to rent, in which case it is 20% down.

When it comes to purchasing a secondary property, whether for investment or rental or vacation, it can be a great opportunity! As your mortgage broker I can work with to find the best solution for your unique needs.

AIR BNB ON YOUR MIND?

More and More Canadians are hopping on the short-term rental train as Air bnb’s popularity has sky-rocketed over the last few years. It’s not a bad way to earn extra money, but don’t forget there are a few things to consider:

  • Check strata/city bylaws
  • Contact your insurance provider to get correct coverage
  • Talk to your mortgage broker to see if a short-term income property can affect your approval
  • Consider tax implications, and talk to an accountant.

The more services you provide as a host, the greater the chance that your rental operation will be considered a business.

Published by DLC Marketing team

How to protect yourself from real estate fraud and schemes.

General Derek Cole 9 May

 

As online-based transactions become more prevalent, cybercriminals are finding new and creative ways to steal your money.

So, what can you do to make sure you don’t fall prey to these malicious attacks? Here are the most common types of real estate fraud schemes and some ways that you can safeguard yourself.

WIRE FRAUD

One of the most common types of real estate fraud is wire fraud. Fraudsters send you an email or text that outlines instructions on where to wire your deposit funds to be held in trust.

These cybercriminals may even set up a fake website that looks similar to your lending company’s site. The phone number, URL and email addresses will typically look familiar. They might just be one letter or number off. It’s an easy thing to miss if you aren’t looking closely.

If you send the money this way, the scammers can withdraw your money from some offshore account and you are left a victim of fraud.

LOAN FRAUD

You get an email telling you that you are pre-approved for a special mortgage loan with a super-low interest rate. Often, these “mortgage agencies” are fraudulent loan companies that offer a steep discount on loans if you pay an upfront fee.

Be wary of any service that asks for your banking information or other sensitive information. Do your research on the company before moving forward. Ask for a list of referrals you can contact.

Remember, if it sounds too good to be true, it probably is.

TITLE FRAUD

One of the most devastating real estate fraud schemes for property owners is title fraud.

Title fraud usually starts with identity theft. Scammers get a hold of your online passwords and sensitive information. Then, they use fake documents to pose as the property owner and transfer the property to his or her name. They typically take out a mortgage or line of credit against the property. The criminal then takes the cash and runs, leaving you stuck with the payments.

How to protect yourself from real estate fraud schemes

As alarming as these types of fraud are, there are many things you can do to protect yourself from becoming a victim to these schemes.

PROTECT YOUR PERSONAL DATA

Use a unique password for each login account. It’s wise to keep your antivirus and security software installed and up to date. And avoid sensitive transactions such as online banking or shopping when you’re using public Wi-Fi.

When conducting online transactions that involve money or personal data, use password-protected emails.

CONFIRM VALIDITY

Before you send money or give out sensitive information to a third party, verify that you are dealing with the legitimate company or person.

Make sure you check the original documents from your lender and call the listed phone number to verify the payment instructions.

GET TITLE INSURANCE

If you’re buying property, make sure that you get title insurance. Title insurance is your best protection against title fraud. It also protects you from existing liens on the title, encroachment issues and errors in surveys and public records.

 

Published by FCT

Documents Required to Qualify for a Mortgage.

General Derek Cole 2 May

Documents Required to Qualify for a Mortgage

Mortgages can sometimes feel like endless stacks of paperwork, but being prepared in advance can save you time and stress! Getting your mortgage pre-approved is part of this prep-process, and will make things easy in the long run.

In order to get pre-approved, the lender must have taken you on as a client and reviewed all your documents before you begin house-hunting. It is important to ensure you have your pre-approval certificate before moving ahead and your pre-approval agreement in writing. This should include the pre-approved mortgage amount, the mortgage term, interest rate, payment information and the expiry for the pre-approval. Typically, they are valid for up to 120 days.

To prepare for the mortgage pre-approval process, there are a few must have documents that you will need to organize and have available prior to submission.

  1. Letter of Employment: One of the key aspects for financing approval is employment stability. Lenders want to see a letter from your employer (on a company letterhead) that details when you started working at this company, how much you make per hour or your annual salary, your guaranteed hours per week, and any probation if you are new. This can be done by your direct manager or the company HR department – they will be used to this type of request.
    1. Previous Two Pay Stubs: In addition to the employment letter, you must also have your previous two pay stubs. These must indicate the company name, your name and all tax deductions.
  2. Supporting Documents for Additional Income: If you have any other income, such as child support, long-term disability, EI, part-time income, etc., the lender will want to see any and all supporting documentation.
    1. NOTE: If you are divorced or separated and paying child support, it is important to also bring your finalized separation or divorce agreement. In some cases, they may request a statutory declaration from your lawyer.
  3. Notice of Assessment from Canada Revenue Agency: Lenders will also want to see your tax assessment for the previous year. If you do not have a copy, you can request one from the CA by mail (4-6 weeks) or you can login to your online CRA account to access it.
    1. Your Previous Years T4: Along with your tax filing and assessment notice, lenders will also want to see your previous years T4 slip to confirm income.
  4. 3-Month (90 day) Bank Account History: Lastly, it is important for lenders to see 90 days history of bank statements for any funds that you are using towards the down payment. As saving up for a down payment takes time, there should be no issues providing these documents. If you received the money from the sale of a house or car, or as a gift from your family, you will need proof of that in the form of sales documents or a letter.

The above documents are required for any potential buyer who is a typical, full-time employee. But what if you only work part-time? Or maybe you are self-employed? Here is what you will need:

part-time employee

You will still require all of the above documents (letter of employment, previous pay stubs, supporting documents for any additional income and 90 days of bank history).

However, the difference between a full-time employee and a part-time employee, is that if you only work part-time, you will need to supply THREE years worth of Notice of Assessments, versus just one. You will also need to have been working for at least two years in the same job to use part-time income.

If you have both a full-time and a part-time job, you can use that income too, assuming it has been at least two years.

self-employed

If you are self-employed, the requirements for documents to lenders is slightly different. You will need to provide them:

  1. 3-Month (90 day) Bank Account History: Lenders need to see 90 days history of bank statements for any funds that you are using towards the down payment.
  1. T1 Generals: Also known as the Income Tax and Benefit Return
  2. Statement of Business Activities: This is used to illustrate the business income versus expenses and should include financial statements for your business.
  3. Notice of Assessment from Canada Revenue Agency: Similarly to part-time income, if you are self-employed you will also need to provide the previous three years of assessments.
  4. If Incorporated: You will need to supply your incorporation license and articles of incorporation.

When it comes to mortgages, preparation is key. By having pre-approval in hand, it can prevent any delays or issues with subject-to-financing clauses in the mortgage agreement. While you can walk into a bank, fill in an application and get a rate for a potential mortgage, this is just a ‘rate hold’ meaning it is a quote on the rate so you can qualify for the same rate later. This is not a pre-approval and does not guarantee financing.

To save yourself the headache down the line, contact a Dominion Lending Centres mortgage broker today to start the pre-approval process! Plus, our services are free to you. Why wait? Get fully pre-approved today to make closing the deal that much faster when you do find that perfect home.

Published by DLC Marketing team.