# Net Worth Updates - Security risk?



## Temp88 (Jul 22, 2011)

Hey,

I'm thinking of starting a financial blog to track my journey through finishing college onto the workplace and possibly all the way to early retirement.

I was thinking of posting net worth updates along the way. This would force me to stay up to date with my finances.

I'm hesitant to do so however for security reasons. Can posting a net worth update (like, say Million Dollar Journey) pose a security risk if someone has access to this information and can link it to me? Like Identity theft or something?


----------



## Jungle (Feb 17, 2010)

I doubt it. Odds are pretty slim that robbers are lurking networth updates to target those people. Instead, they will just do break and enters and muggings on the street.


----------



## m3s (Apr 3, 2010)

Best thing to do is never leave your house. Somebody might follow you home or see your fancy Nike shoes.

With lots of harmless information someone can do damage, but they can get that information far easier if they want than searching online..


----------



## OhGreatGuru (May 24, 2009)

Ah me, how times change. There was a time when talking publicly about your net worth was terribly gauche - it simply wasn't done by people with manners. Now people think nothing of posting it on the net.


----------



## Financial Cents (Jul 22, 2010)

NW updates are not a big concern online. You have a better chance of getting run-over on the street by an out-of-control car. Neither is good mind you


----------



## Karen (Jul 24, 2010)

OhGreatGuru said:


> Ah me, how times change. There was a time when talking publicly about your net worth was terribly gauche - it simply wasn't done by people with manners. Now people think nothing of posting it on the net.


It's hardly the same thing, in my opinion. It's one thing to discuss one's net worth directly in public and quite another to disclose it on an anonymous website forum. There are a few people on this forum who have a public persona. They do not disclose their NW with good reason, but I see nothing "gauche" about those members who are anonymous doing so. I quite enjoy seeing the NW statements of the members who update theirs every month - it's interesting to see how they are progressing, and it's harmless because we don't know who they are.


----------



## LBCfan (Jan 13, 2011)

I'm one of the private ones with $100,000,000,000. Go ahead and steal my identity, I dare ya.


----------



## ddkay (Nov 20, 2010)

http://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net.html


----------



## ddkay (Nov 20, 2010)

It's relatively easy for an experienced cybercriminal to stealthily take control of this forum with a custom/unpublished/unpatched exploit and send every member a phishing e-mail to reset their password. Next thing you *don't* know you've got a rootkit with keylogger installed that transmits everything you type including banking logins, because your browser ran an old insecure version of Flash with memory leaks and 32 security holes.

Possible money exit route: Interac email money transfer with 1000$ daily withdraw limit. As far as your bank is concerned #1 you knew who you were sending money to or else #2 you were negligent so you're exempt from their security guarantee.

What now?

You guys must have never experienced an Internet attack before. Obviously comments like LBCfans would be ignored until he posts data that looks realistic and maybe they want to find out where he lives or something. Small chance of it happening to any single person but it's not an impossible scenario. Usually the objective for electronic thefts is quantity based, like collecting hundreds/thousands of accounts for single 1000$ withdrawals, instead of only getting into one big shots account with 10mm dollars but cybercriminal is limited to withdraw a measly 1000$ a day.


----------



## m3s (Apr 3, 2010)

ddkay said:


> Next thing you *don't* know you've got a rootkit with keylogger installed that transmits everything you type including banking logins, because your browser ran an old insecure version of Flash with memory leaks and 32 security holes.
> 
> What now?
> 
> You guys must have never experienced an Internet attack before.


I've had phishing emails before and it was pretty obvious, but then again I grew up with computers. Asking for a password is a dead giveaway. Otherwise they have to get my physical Euro transmitter gizmo as well to access my bank, which doesn't have *all* my money anyways. In Canada they would have to know my personal questions when logging in from a random IP.

If your bank doesn't have physical security devices or extra security besides a simple password, they're liable for the loss anyways. Since when have banks and CC's not accepted this as part of business? If there's enough fraud going on it's worth investing in security, otherwise it's cheaper to pay the measily random $1000

Once again, don't leave your house if you're worried about this stuff


----------



## OhGreatGuru (May 24, 2009)

Karen said:


> It's hardly the same thing, in my opinion. It's one thing to discuss one's net worth directly in public and quite another to disclose it on an anonymous website forum. There are a few people on this forum who have a public persona. They do not disclose their NW with good reason, but I see nothing "gauche" about those members who are anonymous doing so. I quite enjoy seeing the NW statements of the members who update theirs every month - it's interesting to see how they are progressing, and it's harmless because we don't know who they are.


If it is truly anonymous, you can't sort the fictitious from the real, so what's the point? Other than the vicarious thrill of tracking the financial ups & downs of a fictitious screen personaltiy?

If it is not anonymous, or open to being hacked, then there is a security problem.


----------



## brad (May 22, 2009)

Years ago I tried connecting directly to my DSL modem without using a router or other physical firewall, and I monitored my software firewall's statistics: within 1 minute of my going online, my computer had already been attacked 4 times. There were hundreds of attempts per hour to install Trojans and other malware.

Another eye-opener was when I started managing a website for a client who wanted to know who was visiting the site; the web statistics log IP addresses, and it's easy to look up IP addresses online. I couldn't usually trace it right down to the person, but could trace it to a specific lab in a specific university, for example. If a site administrator has a weak password (some people just use "Password1" or something like that), it doesn't take long to hack into a site and get data on users.


----------



## ddkay (Nov 20, 2010)

mode3sour said:


> I've had phishing emails before and it was pretty obvious, but then again I grew up with computers. Asking for a password is a dead giveaway. Otherwise they have to get my physical Euro transmitter gizmo as well to access my bank, which doesn't have *all* my money anyways. In Canada they would have to know my personal questions when logging in from a random IP.
> 
> If your bank doesn't have physical security devices or extra security besides a simple password, they're liable for the loss anyways. Since when have banks and CC's not accepted this as part of business? If there's enough fraud going on it's worth investing in security, otherwise it's cheaper to pay the measily random $1000
> 
> Once again, don't leave your house if you're worried about this stuff


I wrote that post too early in the morning. Forget the first step about receiving an email. You don't even have to enter your password, the website could be comeplety blank but has an invisible flash applet, all the user has to do is click a link, even posted directly on this forum for their box to get "pwned".

Theoretical cybercriminal wouldn't need to login from a random ip, since they now control your computer, they can use your computer as a proxy. They can remotely clear your browser cookies so you have to re-enter all your logins. There's a lot of creative ways around even the security measures the banks have you believe are safe. If the Pentagon can't protect its data, what makes anyone think they can do better?

In the context of this website I can understand how tracking net worth is valuable, but I still think it should be kept private info because it could attract unwanted attention.


----------



## m3s (Apr 3, 2010)

Like I said you can never prevent all security infringements no different than anything really. It's just not economically feasible to lock down the world and the internet for fear of someone stealing $1000 at a time. The bank will be happy to pay back your $1000 loss or invest in higher security if required

Once again, by the sound of your paranoia, I can only assume you only leave the house in worn out jogging pants and a beat up car? Nice shoes or car would of course "attract unwanted attention"


----------



## DanFo (Apr 9, 2011)

Put in another perspective..My parents were a part of a debit card scam....they think from the local truck stop (dads a trucker)..It didn't make them stop using debit/credit cards..The bank was quick to refund all the money taken and issue them new cards. Statistically your probably more apt to be mugged walking in the street/ car borken into...I do get title/ Idenity theft coverage through work though which relieves some of my worries personally.


----------



## financialnoob (Feb 26, 2011)

I'd say it does add an extra element of risk, but some perspective is needed. I don't think it doubles or triples the chances of being hit. I mean online banking also increases the potential risk of being hit, but people still do it.

If you're concerned, set up a new account and maybe a different email address on Gmail or similar? That way it's totally not linked to an email or account you use for other things. 

There's no way to totally eliminate the risk but that risk is fairly minor.


----------



## KaeJS (Sep 28, 2010)

I think I'm with *mode* on this one.

People get too paranoid about this stuff.

Putting up networth updates isn't going to expose yourself to any risk.


----------



## kcowan (Jul 1, 2010)

I don't share any details of our net worth online. I view disclosure the same way telling someone at a cocktail party. It is none of their business and them knowing might impact how they treat us. But it is unlikely to help us.

Similarly I don't reveal that makeup of our portfolio, nor its performance. It is just a judgement call.

(Also I keep details of my penis size to myself.)


----------



## Temp88 (Jul 22, 2011)

mode3sour said:


> Once again, by the sound of your paranoia, I can only assume you only leave the house in worn out jogging pants and a beat up car? Nice shoes or car would of course "attract unwanted attention"


Woah, don't exaggerate - I don't own a car yet 

Actually I quite trust the web, I do as much of my banking online as possible, I shop online, I use mint.com, etc... However, I know a lot less about the financial system than I do about computers and the Internet (I'm an Electrical Engineering student).

If it was anonymous I wouldn't have a problem with it. However, the only domain name I have registered at the moment is with my personal name. So I was wondering if it's worth anonymously registering a second domain name for blogging my financial journey.



> I quite enjoy seeing the NW statements of the members who update theirs every month - it's interesting to see how they are progressing, and *it's harmless because we don't know who they are.*


But what if we do?


----------

