Flipping Houses — It’s Not Like TV

Flipping a house can seem like a walk in the park when it’s wrapped into a few montages during a half-hour TV segment. Find a run-down property. Buy it. Take out a few walls, paint, replace carpets, upgrade the kitchen and voilà – you could make tens of thousands of dollars in just a short time. Reality is seldom so straightforward. Flipping a home can be risky, and there’s no guarantee you’ll profit.

Finding and buying the right house at the right price point can be difficult. The shows often start with the submission of a winning offer on a home. You may not realize that it takes a lot of work to determine what a potentially good flip looks like and find a property to match.

Experienced flippers have learned how to estimate costs and work backward. A rule of thumb in the industry is to take 70 percent of the potential selling price (what’s known as the after-repair value, or ARV), subtract the renovation costs and use that as the maximum buying price.

You’ll need a lot of background information, including comparable selling prices of similar homes, to figure out the right numbers. The ability to be honest with yourself while estimating the cost of parts and labor is also important.

For example, if you estimate that you could sell your renovated home for $200,000, you’d start at $140,000 (70 percent of a $200,000). If you calculate that the renovation costs will be $40,000, you’ll arrive at the maximum buying price of $100,000. The 30 percent margin that remains if everything goes according to plan isn’t entirely profit; you may still have expenses like closing costs or reimbursing your investors.

You need a lot of working capital. While paying cash for a home can expedite the sale and increase profits, it might not be an option for beginner flippers. However, traditional lenders don’t necessarily offer financing for flips, especially if you’re trying to fix up a dilapidated home. Even when they do, you might not be able to borrow enough to cover all your expenses.

Instead, some flippers turn to hard-money lenders, private individuals or companies that issue short-term loans backed by real assets (such as the home you’re buying). With either traditional or hard-money lenders, expect the financing costs to be higher than what you’d pay for a mortgage if you’re buying a home to live in.

Keeping an eye on your total budget is essential. If you borrow enough money to make the purchase but don’t have cash on hand to pay for the renovations and unexpected contingencies, you’ll be stuck before you even start.

In addition to the purchase price, you’ll need money for renovations, upgrades, inspections and permits. Also, consider the cost of ownership between the purchase and sale. Carrying costs, including utilities, financing, insurance and property maintenance, can add up each month.

You want to move fast. One thing you pick up from TV is that time is of the essence. In competitive markets, you’ll need to move quickly to evaluate a home and put in an offer before someone else buys it.

Successful flippers may have a real estate license or work with a real estate agent to get access to the multiple listing service (MLS), a directory of homes that are for sale. Others look for homes that are for sale by owner (FSBO) or use direct mail campaigns to reach out to prospective sellers.

Once you buy the home, there’s another race against time to complete the work and make a sale. Working with a trusted contractor and real estate attorney could expedite the project. Once you’ve developed a strong working relationship, you may even want to invite others to join your team and contribute their work in exchange for a cut of the profits.

Bottom line: Flipping homes can be profitable, particularly for those who have professional real estate experience, but don’t expect it to be easy money. Months of hard work can go into a flip without any guarantee of success.

by Nathaniel Sillin

Android Users Are Prime Targets for Banking Malware and Phishing

It was a surprisingly tough year for Android users with regard to malware and phishing attacks. While experts at Kaspersky Labs had expected attacks against those devices to follow the downward trend from 2014 and 2015, it actually increased by a whopping 30.6%.

All cyber gang related phishing and malware attacks were primarily directed toward Android users in 2016, likely because that is the most popular mobile operating system in the world. Banking malware campaigns actually surpassed the one million mark last year, making it the highest number of such attacks since security researchers starting recording those statistics.

The most popular malware strain seen last year targeting the operating system was Zbot (also called Zeus). This accounted for nearly half of the attempts. Zbot is primarily distributed via spam campaigns and drive-by downloads. It is designed to steal confidential information, especially banking login credentials, off the infected device. It can also download other configuration files and updates.

Everyone gets spam these days and email that they are not expecting that might even appear legitimate or from a known sender. However, often inside them are links and attachments that include malware or forms where the thieves ask for credentials to be entered for various accounts. Therefore, if one of these messages happens to get through the security technology, be wary of clicking any links or attachments. Even if you recognize the sender, it’s best to verify that the information in the messages is legitimate before clicking it.

If you don’t expect to receive something, or there is no specific information in the message that gives you the comfy cozy feeling that it’s safe, don’t click it. For example, if it arrives unexpectedly, but has a note from your sister that she thought the link would be helpful after a discussion you had last week about that topic, it is probably safe to click.

Other ways to determine if it’s real are:

-Clicking the sender’s address to see if it’s what you expect it to be, or
-Hovering over links with the mouse pointer or holding down on them if you’re on a touchscreen device to see where they actually go.
-If they don’t make sense, don’t go any further.

While many cybercriminals are now targeting organizations, in this case it was the average consumer that was targeted at a rate of more than four out of five attacks. Presumably that is because these criminals are choosing volume over fewer targets for more money. After all, even small amounts of money add up to big numbers after a while.

Users in Russia, the U.S., Germany, Japan, and Vietnam were the top targets for this in 2016.

Coming in second place to Zbot was the Gozi family of malware at 17%. Gozi was developed to steal online banking credentials. It’s author actually was sentenced to 21 months in prison, which was essentially served while he was awaiting extradition from Lativa to the US. That obviously didn’t stop his legacy from continuing on with the help of other cybercriminals.

© Copyright 2017 Stickley on Security

iPhone Users Tricked With Crafty Ransomware Using Safari Vulnerability

If you haven’t noticed yet, there is a new iPhone update to version 10.3. It was just released to fix a vulnerability that would allow a popup box to be displayed and then put into a continuous loop in the Safari browser. This was found by security company Lookout and reported to Apple for a fix. Since the patch has been released, details have surfaced about how that hole was, and still is being used by attackers as a way to trick victims out of money.

Within Safari, if a phishing attack is successful, a popup appears
on select pages that accused victims of accessing illegal pornography or pirated music. The messaged claimed that all data on the phone was locked and would not be unlocked unless a code for an iTunes gift card in the sum of approximately $125 was sent to a specific mobile phone number. When the “OK” button was clicked, it just kept cycling in a loop and would not go away.

However, the popup appearing to be a form of ransomware was actually fake. The devices don’t get locked, but the attackers are using scareware in the hopes that victims send money before they realize that all they have to do to clear the dialogue box is clear the Safari browser cache.

Many think that Apple devices are safer than other operating systems. However, this ploy shows that nothing is invulnerable to cyber trickery or scams. Regardless of the operating system running on a device, it should always be kept up-to-date with the most recent patches and software versions.

In addition, use caution when browsing the Internet. It’s very easy to mistype a URL and go to the wrong page. Cyber thieves count on this happening and purchase domains that are so similar to popular sites; even one character off, that people often will make typos and land on those rogue pages. This is called typosquatting or domain jacking. If you are manually typing in an address, review it before hitting the “return” key.

In this case, the attackers purchased several domains and used the country code from victims’ devices to determine the popup message that was displayed. They also used icons such as logos from the National Security Agency (NSA) or Interpol to further legitimize the sites. Always be careful about clicking on links or attachments that arrive in email as well. If you don’t know the sender or are not expecting it, verify it’s real before clicking it. Often, scams like these are successful because someone didn’t do that.

© Copyright 2017 Stickley on Security

Smart Giving: How to Make the Most of Your Charitable Donation

If a cause or charity is inspiring you to give, know how to make the most of your generosity first. The federal government rewards those who make charitable contributions with significant tax breaks, as long as a few rules are met.

To be sure you are donating to a worthy and above-board organization, request a copy of its financial report. It summarizes the organization’s tax status, programs, and how the funds are used. With the exception of places of worship, all charities must file such a report with the IRS. You may also contact your state’s attorney general’s office or the Better Business Bureau for further investigation.

Sadly, whenever money is involved, fraud is also prevalent. Be particularly cautious when solicited by a charity. Warning signs of scams include:

-High-pressure sales pitches

-Requiring you to make an immediate donation

-Only being able to offer a “tax ID number,” which is no more than an employer identification number and does not guarantee non-profit status

A wonderful aspect of giving is the ability to deduct at least some of your donation from your income taxes. In order for the contribution to be tax deductible, it must be made to a qualified organization that meets IRS guidelines. To know if it does, you may ask the organization. But to be sure, check the IRS’s “Publication 78” online at www.irs.gov for the most up-to-date list of qualified charities, or call the IRS at 800-829-1040.

How to Donate Money
When donating money, for tax purposes and safety reasons, never pay with cash. Either write a check, made payable to the organization (never the individual collecting the donation), or use a credit or debit card. Avoid giving your account information over the telephone.

Another way to give money while minimizing your tax liability even further is to donate appreciated assets. By giving stock that you’ve held for more than a year directly to a qualified charity, you can claim a deduction for the full price of the asset – thus escaping a potentially hefty capital gains bill.

How to Donate Property
If you are considering donating such property as a vehicle or boat to a charity, be aware that the tax deduction rules have changed in response to past abuse of the system. Now, if you donate real property with a claimed value of over $500, your deduction depends on what the charity does with it.

If the organization uses your property (or makes a significant improvement to it), you may deduct its full fair market value from your income taxes. If, however, they simply sell the property, your deduction will be the gross price the charity receives from the sale.

How to Donate Goods
Yet another way of giving to a cause is to donate goods – including clothes, computers, and other personal and household items – to a charity.

Before boxing them up and delivering them to your local shelter, first determine their fair market value so you can receive the appropriate tax deduction. Fair market value is considered the price at which property would change hands between a willing buyer and a willing seller.

Also for tax purposes, be sure to keep a detailed record of your donations. You should have evidence of the condition and number of items you donated, the date you purchased the items and what their original price was, and signed and dated receipts from the organization that received them.

How to Donate Time
Have more time than money and possessions, or want to share your particular strength with those in need? Volunteer. Tax breaks are available to those who give in this special way. While there is no deduction for the value of services you provide, you may deduct a number of out-of-pocket costs associated with volunteerism, including:

-Reasonable and substantiated travel expenses
-Gas and oil expenses of 14¢ per charitable-use mile
-The cost of entertaining others on behalf of a charity (but not your own entertainment costs)
-Purchased equipment for volunteer duties (as long as you don’t maintain ownership)
-The cost of maintaining your own equipment used for volunteer duties
-Uniforms required for the volunteer service you perform
-Never before has giving—whether it’s money, property, or time—been more necessary and valued. And by doing it right, your generosity can go a very long way.

Revised January 2016.

What Does Retirement Look Like If You Haven’t Saved?

The picture of retirement that many of us have is a post-work period filled with travel and plenty of relaxation. It’s a time when you can finally take up a new hobby, sink into the pile of books and enjoy more time with family and friends.

The reality is that many haven’t been able to save enough money to enjoy this idealized retirement. What might their retirement look like?

You may be working for longer than you expected. Many people undergo a period of “phased retirement” and either reduce their hours or start a new part-time job after retiring from a full-time schedule. Even those who don’t have a financial need may find that they value the activity and connections work brings to their lives. Without savings, continuing to work might not be a choice, but you can still look for fulfilling opportunities.

Continuing within the same profession part-time or taking on related consulting work could be the most financially rewarding route, if it’s an option. Alternatives such as customer service positions with a retailer are popular among some retirees. There are also Internet-based jobs that allow you to work from home.

Social Security could be your sole source of income. Retirees who don’t have a pension or savings and stop working may find that Social Security is their only income.

Your Social Security benefit depends on when you were born, how much you’ve paid into the program, when you start to take benefits and whether or not you’re eligible for a government pension.

Once you start receiving benefits, you’ll lock in your monthly amount, although it will adjust to account for inflation. Therefore, deciding when to start taking Social Security benefits is important, as it can impact your income for the rest of your life.

Claiming benefits once you reach your full or normal retirement age, 65 to 67 depending on when you were born, is when you’ll receive 100 percent of your monthly Social Security benefit. Taking benefits early can lock in a lower rate, while waiting can increase the monthly benefit.

In 2017, if you’re eligible for the maximum benefit and start claiming at 62, you’ll receive about $2,153 per month. If you waited until you were 70 this year, you’ll receive about $3,538 per month.

You can use the SSA’s Retirement Age Calculator to see how taking Social Security early, or waiting, can affect your benefit.

You might have to downsize and make lifestyle changes. Moving to an area that has a significantly lower cost of living could mean the difference between living with financial challenges and having a comfortable retirement. Some people look for less expensive areas close to family members or even an expat community in a different country.

If you decide to stay in the same area, a smaller home can lower your property taxes and maintenance costs. You can also take any profits from the sale of a larger home and pay off debts or build an investment portfolio.

Housing aside, there are many ways to downsize your lifestyle, such as selling a vehicle, shopping at secondhand stores and cutting back on monthly entertainment expenses.

One helpful part of aging is you’ll be eligible for all sorts of new discounts and benefits. Look online for lists of stores or organizations that offer senior discounts. You can use the National Council on Aging BenefitsCheckUp to see which benefits you might be eligible for based on your ZIP code and personal information.

Bottom line: Many aging Americans don’t have enough savings to fund their lifestyle through retirement. Deciding when to take Social Security benefits and where to live are two of the most pressing questions on the horizon. No matter what you choose, you may need to supplement your income with part-time work and look for ways to significantly lower your cost of living to enjoy retirement.

by Nathaniel Sillin

Fake Social Media Pages Increased 1100% in Two Year Period

Fake social media pages are abundant. The social media security company ZeroFox analyzed over 40,000 fake social media sites and found that the number of these increased 11 times between 2014 and 2016. And more than 50% of them impersonated brands and offered up phony coupons or bogus giveaways to take advantage of users.

There were many ways they accomplished this according to ZeroFox, but the top three were verification phishing, paid advertising impersonations, and fake customer support.

Websites can get verified in social media. These sites usually display some type of icon or “badge” to indicate this. Users are
supposedly given more confidence when one of these “verification badges” is displayed. Unfortunately, scammers also use these to trick people into giving up personal information such as login credentials or to get malware onto devices.

Advertisements are the way most social media sites can provide their services free of charge to the end-users. Scammers will create fake ads and pay a lot to have them displayed more frequently in newsfeeds. This means more opportunity to engage in their scams.

Customer support is often offered on legitimate company social media sites. This is a convenient way for customers to interact with businesses. Yes, the scammers set up fake sites for this purpose to and often acquire a significant amount of personal information through them.

Unfortunately, it is often very difficult to detect these fake pages. The scammers are patient and take the time to make their impersonations look nearly identical to the real companies. And there isn’t much that can be done about it either. That’s because they often will execute a scam and delete their pages so quickly that no one knows what happened. So, the social media companies are working on additional security to prevent this.

The primary way to protect oneself is to enable multifactor authentication (MFA) or two-factor authentication (2FA) whenever it’s offered. Sometimes it means receiving a one-time code on a smartphone via text or phone call. Sometimes, it involves challenge questions. A more sophisticated way gaining ground is to use a U2F security key. These little devices are easy to set up and use and make an account nearly impossible to crack or phish. More sites are offering this as an MFA solution and Facebook announced it is now supporting it, while Google has been for some time. While it will not clue anyone in to whether or not a page is an imposter, it will prevent logins to your accounts should you get caught up in one of the scams.

It’s also wise to avoid clicking on so-called “clickbait.” These are advertisements or posts that seem a bit extreme or outrageous in an attempt to get clicks. Some of them merely go to shopping sites, but others install malware.

In addition, if you have favorite social media pages, follow or bookmark them and use those to see their feeds and pages. This will prevent you from falling for the imposter pages.

The sites analyzed by ZeroFox included Facebook, YouTube, Google+, Twitter, Instagram, and LinkedIn. Of these, the first three offer the U2F key solution and all except Instagram offer some type of MFA. And while it does take an initial small financial investment to use the key, it will provide an additional clue if a site is phishing. If you login and it doesn’t ask to insert the key, it very well could be phishing. According to Proofpoint, phishing on social media increased 500% in 2016.

© Copyright 2017 Stickley on Security