Doxing (also spelled “doxxing”) comes from the phrase “dropping dox” or “documents”.
It is a form of cyberbullying that uses a person’s sensitive information or records for the purposes of harassment, exposure, financial harm, or exploitation.
Doxing is an easy way for people to cause harm to another because nearly everyone has personal data that can be found on the internet. This data can then be weaponized against the targeted individual.
In many cases, doxing is not illegal due to the fact that much of someone’s personal information is publicly available online anyway. However, if the information is used to stalk, threaten, or harass someone, it becomes an illegal act.
How Your Personal Data is Found
Personal data can be found through varying online methods, but here are some of the most common ways for someone to gain access to your personal information:
Tracking Usernames
Because people often use similar usernames on different web accounts, it can be relatively easy for cyber criminals to use that username in order to pinpoint accounts belonging to a certain individual. Data from these accounts can then be used to compile a portfolio to reveal more information about that person.
Phishing
Phishing scams allow cyber criminals to gain access to sensitive data about you by providing a link to a fake website. If someone falls for a phishing scam, they may inadvertently enter their sensitive data before realizing that the website is fake.
Stalking Social Media
Social media accounts that are public can be seen by anyone, including those who may wish to do you harm. Information such as your place of work, friends, photos, family members, pets, and places you frequent can all often be found on social media. A doxer may even be able to deduce answers to common security questions from your social media posts.
Tracking IP Addresses
Doxers can often identify your Internet Protocol (IP) address and use this to find your physical location. For example, they might reach out to your internet service provider, pretending to be you and asking questions to gain more information about you.
What Information do Doxers Want?
Doxers are often looking for specific information about an individual such as the following:
- Phone number
- Social security number
- Home address
- Credit card information
- Bank account details
How to Protect Yourself from Doxing
Due to the nature of the internet, it is nearly impossible to completely avoid becoming a doxing victim. However, there are steps you can take to protect your most sensitive online information such as:
- Use a virtual private network (VPN) which encrypts internet transmissions
- Use strong passwords
- Change your privacy settings every so often
- Watch out for phishing emails
- Create separate emails for separate purposes (such as work and personal)
- Use social media privacy features
- Be mindful of providing app permissions
- Set up Google alerts for your name, number, address, etc. so you can be alerted right away if a doxer publishes them
What to Do if You Are a Victim of Doxing
If you discover that you have been doxed, take the following steps:
- Report it to any pertinent parties such as financial institutions.
- Involve law enforcement if the attack involves threats or if you believe the doxing to be illegal.
- Document with screenshots, downloading web pages, and write out what occurred. This information can help you keep track of what information was shared in case authorities need it.
- Secure your accounts by changing your passwords.
- Consult with an attorney if you believe legal action is warranted.