What is Doxing and How Do You Prevent It?

What is Doxing? What does it mean to dox someone? In the era of high cybersecurity threats and online harassment, doxing is one of the number one forms of revealing someone’s identity without their consent. This guide gives you insight into the many ways doxxing can impact someone, the different methods of doxing, whether doxing is illegal, and preventive measures. 

TIP – One way to ensure that no one gets their hands on your sensitive and private data is by creating strong passwords for all your social media accounts. If you don’t know how to create one or how to start with secure passwords, use the best password manager for it. Right now, FastestPass can not only generate strong and unique passwords, but also allows you to store them safely in the security vault. 

What is Doxing?

Doxing or doxxing is a word derived from the slang term “dropping dox,” or dropping documents, which was coined from old-school tactics from the hacker revenge culture in the 1990s. It refers to a type of cyberbullying where private or confidential information is exposed and used to harass, shame, cause financial damage, or otherwise exploit the targeted person. Doxing is not only targeted towards celebrities or politicians. It’s a method of cyberbullying, harassment, and exploitation that is targeted towards even teenagers, office colleagues, old schoolmates, etc. There are some who believe that the intensity of doxing is minor, considering some of the victims are public figures. However, the impact of it is still high, leading to all sorts of vulnerabilities and public humiliation, and in many cases, death.  

Is Doxxing Illegal?

Doxing is not considered illegal, but that all depends on the degree of damage done through it. The act itself is termed as a criminal offense if doxxing leads to cyberbullying, illegal hate crimes, intimidation, stalking, blackmail, etc. Doxing itself is not safe, especially if it makes the victim fear for their life. 

How Does Doxing Work?

Cybercrimes have evolved significantly, and many of them remain fast-paced; doxing is one of them. You will be surprised to know how easy it is to get hold of your personal or hidden data, no matter how safe or untouchable you believe it to be. 

There are many cases where user accounts are compromised without the user even knowing what happened. All information collected can then lead to bigger stories, some of which are scandalous. For high-profile doxing, the doxers may sell the stolen data on the Dark Web. 

Other than that, here is how doxing works: 

Phishing Attempts

Phishing scams, among many, are also on top of the list of growing cyberattacks. If someone manages to get a hold of your email, passwords, or other details via a malicious or phishing link, they can then use that information to conduct a doxing attack. 

Stalking on Social Media

When your social media profiles are set to public, anyone can view the details you share. This can include your workplace, friends, photos, family connections, hobbies, travel history, pets, and other personal information. If your patterns online are very obvious and repetitive, doxers can easily use that information and make several attempts to answer security questions to access your accounts. A few of the security questions that are breakable are “What’s your mother’s maiden name?” and “What’s the name of your pet?” etc. 

Username Tracking

It’s a fact that most users often create similar nicknames or usernames for all social media accounts or websites. This kind of mistake makes it incredibly easy for cybercriminals to link accounts back to you. How is this doxing? Well, they can use all the information gathered, including name, pictures, documents, etc., and discover a much more revealing document of sensitive information about you. 

Domain Searches (WHOIS)

When you register a domain, your personal details are recorded in a registry. In many cases, this data can be viewed through a basic WHOIS lookup. During the registration process, you typically have the choice to keep this information private. If you decide not to enable privacy protection, anyone can easily find your name, phone number, physical or business address, and email address without needing advanced tools.

Tracking IP Addresses

Doxers use certain tools that can track your physical IP address back to you. Once this is achieved, they can contact your service provider, pretending to be you, and phish for personal information. Internet Service Providers are not always the most vigilant when it comes to security measures and customer confidentiality. This makes the information so much easier to get access to. 

Reverse Mobile Phone Searches

If attackers obtain your mobile number, they can quickly reveal additional details about you. There are several reverse phone lookup tools, including Whitepages, that allow users to enter a phone number and reveal its owner’s information. Platforms like Whitepages, Reverse Australia, and Who Called Me offer both free and paid options to reveal details about the owner of that phone number.

Kinds of Doxing Examples

There are a few kinds of doxing, including: 

• IP address doxing: happens when a person’s location is tracked and publicly exposed via their IP address.
• Phone lookup doxing: when the attacker uses reverse phone search tools to uncover the owner of a specific number.
• Data broker doxing: it’s when the attacker obtains personal information through online databases or commercial data broker services.
• Social media doxing: collecting details from public posts, shared photos, videos, location tags, and public profile information.
• Username-based doxing: connecting multiple accounts by tracing usernames that are reused across different platforms.
• WHOIS-based doxing: accessing a domain registrant’s personal data if domain privacy settings aren’t enabled.
• Public record or government doxing: gathering personal details from accessible government files, such as property records, court filings, or voter rolls.
• Image metadata doxing: extracting hidden information, such as GPS location, from pictures uploaded online.
• Social engineering doxing: this type of doxing involves an attacker manipulating individuals or organizations into revealing confidential information, which is then exposed.
• Work or financial doxing: disclosing private data about someone’s employment, income, or financial background.

How to Prevent Doxing

Doxing is one of the more ongoing cyberattacks, and although it cannot be completely stopped, it sure can be prevented. Here are some of the best practices showing you how to prevent doxxing attacks: 

Use a VPN

A VPN is one of the best ways to shield your IP address and prevent others from tracing you. It helps encrypt your online traffic, preventing even your ISP from tracking your whereabouts and digital footprints. FastestVPN is one of the best and most affordable options to use. It comes with over 800 servers, all of which give you stable speeds and online privacy.  

Use Strong Passwords and Password-Protect Your Data

Whichever social media platform you use, always ensure that passwords are strong. It should never contain your name, birthdate, and other personal details, because those kinds of passwords are the easiest to hack. Also, all media accounts need to have different passwords for security reasons. If remembering multiple passwords is difficult, you could always use the best password manager and store them in the security vault. FastestPass helps you generate strong passwords and allows you to store them safely. You can use the auto-fill feature to sign in to your accounts. 

Multi-Factor Authentication

Other settings, like multi-factor authentication and biometrics, are another core measure to prevent doxing from taking place. This means that no one can easily hack into your accounts without you receiving a message or an email for authentication. 

Generate Different Usernames for All Platforms

To avoid hackers or doxers from creating an entire profile of you from gathered information, always use different usernames and passwords for every platform that you use. Whether it’s your Facebook, Reddit, Quora, or gaming platforms, always change your user details. 

Get Other Software for Better Security

Apart from a VPN and a password manager, it’s always good to invest in antivirus and malware detection software. These security practices are important to incorporate, especially when trying to prevent future doxing attacks. Other than that, to ensure that all your software runs smoothly and accurately, always update it. 

Create Better Security Settings on Social Media

Go through the privacy options on your social media accounts and ensure you’re comfortable with both the details you share and the audience who can view them. For instance, Instagram allows you to switch your account to private, meaning only approved followers can view your posts, stories, and follower list. Facebook offers even more detailed controls, letting you adjust visibility for things like your email, location, phone number, photos, posts, and friends list. You can completely hide certain information, such as emails or phone numbers, and choose whether other details are visible only to friends, friends of friends, or anyone. To manage these settings, head over to the account or privacy settings section within each platform.

Contact Google to Delete Certain Personal Information

Just in case your personal information is publicly posted, you can use the Google search engine to get that information removed. Google asks you to fill out a form to get the process running. 

Create Different Email Addresses for Different Purposes

An email address might not seem like the most important thing to you, but it is. There are a lot of cyberattacks conducted through hacked email addresses. This is especially the case when you create just one email ID for all your social media accounts, websites, etc. To avoid falling victim to a doxing attack, consider creating different email addresses for every platform you’re a part of. Apart from this, ensure that all passwords to these email IDs are different as well and strong. 

Stop Oversharing Information

I get it, you have an online social presence to maintain, but don’t do it at the cost of exposing your personal information or being doxed. Hackers are always waiting for you to post every minute detail of your life that could easily contain information related to your passwords and other details. 

Are You a Doxing Victim? Here’s What to Do

Now that you know how to prevent doxing, here are a few tips on what steps to take if you’re a victim of doxing:

1. Report

Reporting doxing to the platform where your personal data has been shared is crucial. If you’re unsure how to do this, start by checking the site’s community guidelines or terms of service to find their reporting procedure and follow the outlined steps. When submitting a report, keep a copy for your records. Typically, you’ll be asked to provide information like your account details, contact information, the account responsible for the doxing, and specifics about the incident.

2. Document It

Make sure you gather proof of the doxing incident in different forms. For this, you need to take as many screenshots as possible, save the web pages where your details appear, or even take down details of the attacker’s account, only if it is visible. This step also includes keeping copies of any related emails, text messages, voicemails, or social media activity. Whenever possible, ensure that timestamps, dates, and URLs are clearly shown in the evidence. Collecting this information is not only useful for your own records but can also assist law enforcement in their investigation or serve as supporting evidence in legal proceedings.

3. Request for Information Removal

Just in case your information has been posted publicly on websites, and that too without your consent, you can always contact the website owners and ask them to take down or remove all that information. Laws in several countries always comply with victims of doxing and remove all personal information that was never supposed to see the light of day. 

4. Ask for Legal Advice

To explore what legal options you may have, it’s advisable to consult with an attorney. If you don’t already work with one, consider asking some of your known contacts for recommendations or looking into free legal aid services in your area. In some cases, schools, universities, or large employers also provide access to legal assistance. When seeking help, be prepared to give them complete details of the doxing incident, including evidence of what happened and who was responsible. Thorough documentation will be especially important in this process.

5. Speak to the Authorities

In certain cases, simply notifying the platform about a doxing incident isn’t sufficient. If the situation escalates or involves physical threats, it’s important to contact local law enforcement. Information that exposes your home address or financial details should be handled with utmost urgency, particularly if it is linked to serious or credible threats.

6. Tighten Security for Financial Accounts

If your bank account or credit card numbers are exposed by doxers, notify your financial institution right away. In most cases, your card issuer will deactivate the compromised card and issue a replacement. You should also update the passwords for your online banking and credit card accounts to secure them against further misuse.

7. More Security for Social Media Accounts

Update your passwords, consider using a password manager, activate multi-factor authentication whenever it’s available, and enhance the privacy settings across all of your accounts.

Frequently Asked Questions – Doxing

 

To Conclude

And that’s a wrap! You now know what doxing is, how to prevent it, and steps to take if you’re a victim of it. However,  always ensure details of your life are not overshared. You will never know who is watching or tracking your every move.