What is doxing? Is it legal and how can I prevent it?

Doxing (short for "dropping documents," "docs," or "dox" is when a hacker or other Internet user captures information from someone or a group and posts it online without your consent. While we've seen celebrities, politicians and social media influencers doxed in recent years, anyone (and their personal information) can become the target of someone's malicious scheme.

Depending on what the controller's goals are, there is a wide range of personal data, a physical address, contact information or bank account information, that they might seek to dig up and display all over the internet.

But what is doxing, exactly? In this article, we'll take a look at what doxing is and how it works, how to protect ourselves, and why there's a blurry line as to whether or not this practice is illegal.

How does doxing work?

Doxing (sometimes spelled "doxxing") is a malicious act in which hackers or other online threats are interested in exposing the identity of someone who is trying to remain anonymous, or want to humiliate or harass someone who wants to remain anonymous private.

With all of our personal information floating around the internet, doxers can access a lot of this private information in completely legal ways.

If you've ever uploaded your CV to a public website while looking for a job, for example, your email address, physical address, and mobile number could be publicly available to anyone who's interested.

Likewise, if you've ever owned or registered a domain name and website, you may have provided a piece of personal information that can be easily accessed with a simple, free, and quick search.

Methods used for doxing

There are all sorts of ways hackers and malicious users can get your personal information and identity online. For determined and technically savvy hackers and doxers, hunting for data on the Internet can be very easy.

Here are some of the most common and effective ways doxers can get the information they want:

Cyber ​​bullying on social media

Once public sharing is established, social media accounts are completely open to anyone interested in looking through them. A snoopy could access any personal or private data that someone thinks they are sharing with their family and friends online.

Various account security questions are often created from relationships with people, family members, names of pets, and schools you went to. If any of those things are made public on the Internet, a stalker can quickly find them.

Perform a WHOIS lookup on domain names

When business owners register a domain for their website, they can decide whether or not to provide sensitive information such as phone numbers, physical home or business addresses, and email addresses. A quick search can bring up this information without the need for technical knowledge.

Username Tracking

Doxers can track usernames across apps and websites, and generate a profile based on the individual's behavior. This is especially effective on social networks like Reddit and Twitter, where target users believe they are anonymous, but are actually quite easy to locate. All the data is collected together and used against the target.

Government records to steal personal information

Marriage agencies, business license dealers, county record providers, traffic, and many other government websites have public records available for searching. While employees can use them to check criminal records or driver's licenses, among other things, anyone can access this personal information that is made available to the public.

Phishing scams to steal personal information

Phishing has long been a way hackers and cybercriminals steal sensitive data from their victims. If the doxers are looking for a specific piece of information, they might try to fish for it. They could pose as a major financial institution and ask for specific identifying information via email. Or they could try to trick victims into clicking a malicious link that would allow attackers to access their devices and leak their websites and apps.

Track your IP address

Once a hacker has located your IP address, they also find your physical location. This could open your Wi-Fi and Internet Service Provider (ISP) to hacking and cyberattacks.

Once they have your physical address, they might as well cross-reference it through other outlets to dig up all sorts of information. And that's without considering that credit card companies often use addresses and zip codes to confirm card use.

Reverse phone lookup services

If your mobile number is available online, it will be very easy to target it through SMS scams or vishing (phishing through calls). Also once cybercriminals have the number, they can use reverse mobile phone lookup services to find out more about the person behind this number.

This number could also cause a domino effect revealing more valuable information in a doxing attack.

Packet sniffer

Packet sniffers are pieces of hardware or software that analyze and monitor network traffic.

Doxers could use them to filter information coming from a particular source. Once they have breached network security protocols, they can collect information such as passwords, bank account logins, and credit card numbers.

Use websites of information brokers

An entire industry is dedicated to serving targeted advertising agencies by aggregating user data, search habits, and trends.

While most buyers are within the world of advertising, anyone can access this vast collection of data. If a doxer is looking for a specific user, it can easily track a device via GPS coordinates and IP addresses.

What information do the doxers want?

There are many things that doxers might be interested in while leaking a target's personal information, using the methods mentioned above. It may be easier than you think to find and dox:

      Phone numbers, email addresses, and other contact information

      social security numbers

      Physical addresses of home or business

      Members of the family

      Online search histories

      Credit card provider, numbers and details

      Bank account information

      social media accounts

      Personal photos

      Tweets, posts and statuses

      Other personal details

Is doxing legal?

Briefly? Depends on the situation. Doxing is not illegal if the collection of personal information was done legally. For doxing to enter illegal territory, doxers must publish private information that was never supposed to be available. This could be a credit card number, bank account details or an unlisted phone number.

If doxing results in cyberbullying or personal threats to the victim, it could also be considered a crime and could involve law enforcement.

Doxing is managed differently depending on its severity, too. If a hacker revealed someone's name or a public phone number for a business, it might not be taken as seriously in the eyes of the law as sharing someone's physical address or financial accounts.

Regardless of how governments and law enforcement see it, many websites have doxxing rules in their terms of service. So if a hacker used a particular social network to dox someone, their account could be suspended or deleted, although the legal repercussions could be minimal.

How to protect yourself from doxing

With all the ways available to expert hackers, and would-be doxers, it seems that anyone can become a victim. If you've ever posted on social media, left comments on social media, gotten caught up in a forum chat, or been active in comment sections of media articles, you could become a target.

While the aftermath of doxing can be devastating, there are some online tools available to users that might help you protect yourself from doxing:

1. Mask your IP address with a VPN

Once the hacker has figured out your local IP address, they will also figure out a physical address and the corresponding Internet Service Provider (ISP) account. This not only reveals your home address and other information, it can even make your Wi-Fi connection a target for hacks. You can also use proxy sites to hide your IP, although they are not always effective.

A Virtual Private Network (VPN) hides your real IP address and assigns you a new anonymous one from one of its thousands of servers located around the world. VPNs also encrypt all of your data end-to-end on a network, so hackers won't be able to intercept your data on unsecured Wi-Fi networks.

As the first line of defense against doxing attacks, we can recommend NordVPN. It is consistently at the top of our rankings, reviews, and lists for security and privacy.

2. Take advantage of premium cybersecurity

With the recent surge in ransomware and other malware attacks, users are taking their cybersecurity very seriously. Make sure you have a good antivirus that protects you from doxing attacks that come from malware and malicious downloads.

Good software can find and quarantine new threats before they enter your system. That way, it can ensure your threat protection is active and constantly up-to-date, in case you accidentally download malicious files or click the wrong link.

3. Strong passwords

Be sure to choose passwords with combinations of upper and lower case letters, numbers, and symbols. Remember that they are different on all websites and other accounts. One of the worst mistakes users can make is to have a password stolen in a breach and have hackers successfully use that password on other accounts.

It's also a good idea to set up separate email accounts for different platforms.

If you're having trouble creating and remembering complex passwords, it might be time to think about using a password manager. Take a look at 1Password, our recommendation this year.

4. Private social media accounts and usernames

When creating new usernames, make sure it's not your first and last name followed by a number. If a hacker or doxer gets your name, a quick data cross on LinkedIn or Instagram will bring up that username.

For most accounts that are connected to your professional life, like LinkedIn, Facebook, and Twitter, you'll want to use your real name. In those cases, be sure to check your privacy settings and set them to the highest level.

You only want your address, phone number, employment history, or other private information to be available to the people you agree to connect with. This also goes for all your accounts. Never share anything you don't feel safe with someone sharing in public.

5. Different usernames for different platforms

If you use the same username for Reddit, Snapchat, Twitter, and Instagram, and are active on all platforms, a doxer could do a summary of your history in a matter of minutes.

If you're active on online forums and comment sections, be sure to use different usernames for different sites and subscriptions. For people who actively post politically or express opinions on movie forums, something you said in one group could be used against you in another.

Remembering all those usernames and passwords can be a chore, so this is another opportunity where a password manager could help.

6. Do not participate in tests from sources that are not trusted

Personality tests or other types of tests can be fun if you're on a popular website like Buzzfeed, Mental Floss, or Zimbio that doesn't require you to log in. But be wary when a random website asks you to log in via Facebook, Google or other ways.

These online tests often ask things that can elicit answers to various account security questions, such as the name of your first pet, the school you went to, and the name of your oldest friend.

While you think you are just running a fun test, the personal data you are exposing could be a treasure trove for doxers and cybercriminals.

Previous Post Next Post