What is Doxing and How to Avoid Getting Doxxed

  • By Rita
  • Apr 14, 2022

What is doxing
The internet has proven to be both a friend and a foe. One peculiar thing about it is that often users need to reveal personal information before accessing most of its features. 

This information ranges from photos, locations, preferences, banking details, and other forms of data. With these, we usually give the online world a clear idea of who we are and what we do.

However, malicious people can put this information together to build a data-based profile without our knowledge. This can be risky, especially when this personal information gets into the hands of criminals to be used for doxing. 

What is Doxing?

The term "dox" comes from the expression "dropping dox", a revenge tactic used by hackers decades ago. It has roots in the hacker communities of the early internet, and it was a shorthand for "dropping documents" for their communities to share freely. 

Anyone with any form of malice against another person online can carry out such an attack. From online gamers to cyberbullies, anyone can dox you.

Simply put, it’s the collection of an individual’s personal information across multiple platforms by an unauthorized individual who then publishes the information without the victim’s consent. The goal is usually to harass, blackmail, shame, or extort.

Most of us aren't too careful with what we share online. We usually leave behind a trail of breadcrumbs that a cybercriminal can use to find our real identity and then deploy a string of malicious attacks.

How is Doxing Used Against You?

The most common ways people use doxing are:

  • Encouraging general harassment.
  • Extortion by using the threat of releasing information.
  • Making people feel unsafe or scaring people to create panic.
  • Vigilantism against public figures.
  • Exposure to facilitate legal prosecution.
  • Embarrassment by releasing information the victim would prefer to keep confidential.

Most incidents occur between people in smaller interpersonal circles even if the information exposed on the internet is seen, consumed, and acted upon by a wider network of unconnected individuals. However, the strongest version of this attack is when there's no apparent motivation. 

Kinds of Information Used to Dox People

When an attacker releases a dox, the contents are rarely identical from one incident to the next. Depending on the target and the availability of personal information, the materials they unleash can vary. Most doxes will include:

  • Gender.
  • Full legal name.
  • Birthdate.
  • Home addresses.
  • Mobile phone numbers.
  • Financial details like active bank accounts or credit card numbers.
  • Linked social media accounts.
  • Employment information.
  • Usernames and passwords for various online accounts.
  • Personal correspondence, including SMS, social media messages, emails, letters, etc.
  • Private media like photos and videos.
  • IP addresses.

Even just a few pieces of this information, if released online, can have devastating effects on the victim.

How Does Doxing Work?

Doxing explained

Your online activity is like a trail of breadcrumbs. Anyone determined enough can follow that trail until they find out information about you, including your address, age, gender, race, and other personal information. The aim is to abuse this information and cause harm. 

The most common doxing techniques include:

  1. Wi-Fi Sniffing

    Public Wi-Fi networks are vulnerable to hacking. A doxer can easily intercept the internet connection and obtain real-time data from you like the websites you browse. Sensitive personal data, such as login details and passwords, can be compromised in this way.

  2. IP Logging

    Some hackers usually go the extra mile and slip an IP logger (an invisible piece of code) into your device through an email or message. This allows them to sniff out your IP address.

  3. Phishing

    Cybercriminals can also rely on phishing emails to gather information about you. Often, you'll receive an email that seems to come from your credit card provider, bank, or other reliable sources. The email might ask you to click on a link or download an attachment.
    If you click on the link, you're redirected to a webpage that will ask for your personal information. If you provide this information, you'll be sending your personal information to the attacker. Also, if you download an attachment, malware is loaded onto your device, which the attacker can then exploit to acquire your personal information.

  4. Analyzing File Metadata

    By simply examining your file metadata, an attacker can get a lot of information about you. For instance, the details section of a Word file will reveal who created or edited it and possibly even when and where it was created.
    Also, photos have EXIF data. It shows the model of the smartphone or camera that took the picture, the resolution, and the time when you took it. What's more, it could go as far as revealing your location if you had enabled GPS when taking the photo.
    If hackers gain access to this information, they can learn a lot about you and do a great deal with it.

  5. Sifting Through Government Records

    One of the ways doxers can carry out an attack is by sifting through publicly available information. While most personal records are not visible online, there’s still a fair amount of data that can be gleaned from government websites. Some examples include databases of business licenses, county records, marriage licenses, DMV records, and voter registration logs.

  6. Social Media Stalking

    If your social media accounts are public, an attacker can cyberstalk you to find out information about you. This information can include your location, workplace, friends, photos, likes and dislikes, places you've been to, names of family members, and much more.
    A doxer can even work out the answers to your security questions using this information. This would help them break into other online accounts where they can get even more information about you.

Is Doxxing Illegal?

The answer to this question depends on:

  • The kind of information the doxer releases.
  • How the doxer obtained the information.
  • The intention of the doxer.
  • The impact on the victim.

It is primarily illegal, especially if the published information isn’t publicly available and the culprit illegally obtained it.

There isn’t a direct doxing law explicitly written for these attacks in the United States. The rules around these attacks constantly evolve and aren’t always clear-cut. However, federal prosecutors use two federal statutes to charge individuals suspected of doxing.

The first statute (18 U.S. Code §119) makes it illegal to knowingly expose the restricted personal information of a covered person or their family member. A covered person includes:

  • Employees and officers of the U.S. government or its agencies.
  • Employees and officers of local or state government agencies involved in a federal criminal investigation.
  • Witnesses and jurors in court.
  • Witnesses and informants in a federal criminal case.

Restricted personal information, in this case, includes home addresses, telephone numbers, personal email addresses, and social security numbers.

The second statute (18 U.S. Code §2261A) was initially written to target stalking. However, the wording allows it to apply to cyberstalking and dox attacks. It facilitates charges to be filed against anyone who uses an electronic communication service or interactive computer service to:

  • Place someone else in reasonable fear of death or serious bodily harm.
  • Injure, intimidate, harass, or surveil someone else.
  • Cause or attempt to cause substantial emotional distress to a person.

How to Prevent Doxing

Tips to prevent doxing

While there’s no foolproof way to guarantee an attacker won’t ever dox you, here are some tips you can follow to lessen the odds:

  1. Use a VPN - A virtual private network can help you shield your personal information from doxers. A VPN will hide your IP address, and hackers won't be able to get this address for your location or other personally-identifying information.
  2. Avoid oversharing - Don’t overshare on social media, online forums, or message boards. Sharing too much of your information online gives doxers a lot to work with.
  3. Use Multi-factor authentication - This authentication method requires the user to provide two or more verification factors to access an account rather than just asking for a username and password. This decreases the likelihood of a cyber-attack.
  4. Ensure best password practices - Keep snoops and attackers away from your personal information by using strong and varying passwords for all your accounts, such as your bank account, credit card portals, work dashboard, and social media accounts.
  5. Avoid phishing emails - Be wary of emails that supposedly come from your bank or credit card provider and requests for your personal information. Financial institutions never ask for this information via email. So don’t open any suspicious emails and avoid clicking on any malicious links or downloading attachments found in emails.
  6. Protect your devices - Keep your systems secure and up to date. Get an antivirus program to protect your devices from malware, ransomware, and other threats. Check your settings to ensure your security software checks for updates and install them automatically. Scan your system regularly because this will notify you of any security threats.
  7. Avoid third-party login options - Many sites will ask you to sign in with Facebook, Google, or another third-party service. You should avoid doing this. Otherwise, these websites can request more information about you. The more sites you connect with your accounts, the easier it is for an attacker to compile your personal information.
About the Author
IDStrong Logo

Related Articles

What is Mail Theft and How to Prevent It in 3 Simple Steps

One of the many ways that identity thieves get their hands on your personal information is through ... Read More

Credit Card Fraud: What Is It and How To Protect Yourself Against It

Credit card fraud is a fact of life, and most Americans have experienced it or know someone who ha ... Read More

Lost or Stolen Phone? Don’t Panic, Follow These Steps

Most of us are tethered to our smartphones like a lifeline. In these tiny little computers, we car ... Read More

Stolen or Lost Wallet: What to Do?

Anyone who has ever lost their wallet or purse, or had it stolen, knows that instant spark of pani ... Read More

7 Most Common Types of Identity Theft That Can Happen to You

Identity theft is a major concern for many Americans these days with data breaches, ransomware att ... Read More

Latest Articles

Regal Medical Group Data Breach Affects Patients of At Least Four Healthcare Providers

Regal Medical Group Data Breach Affects Patients of At Least Four Healthcare Providers

It's been less than a week since February 2023 started, yet we are, reading about a new medical breach. Over 90% of hospitals have admitted to being victims of data breaches.

Weekly Cybersecurity Recap February 3

Weekly Cybersecurity Recap February 3

Well, the last month has passed incredibly quickly and without much stir, which gives us hope for the next year. However, this month has been incredibly eventful in the world of cybersecurity.

Bell-Carter Foods Announced A Data Breach

Bell-Carter Foods Announced A Data Breach

Any large-scale company is at heightened risk of becoming the victim of a data breach. It doesn't always seem like the most obvious target; whether it's a power company, a grocer, or a chain restaurant, there is actually a lot of desirable information available from these companies' databases.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address