What Is Doxing?
Its Methods, Its Effects, and How You Can Fight Back.
Doxing is damaging. A 2017 study found that a few websites have shared more than 1.7 million text files of stolen information. All of them contained personal details of private individuals.
Anyone can become a victim of doxing. This makes it necessary for everyone to prepare against doxing.
What exactly is it? How can hackers obtain your personal information? What should you do to avoid the devastating effects of doxing?
Answer these questions and you can remain safe while you use the Internet. Here is your comprehensive guide.
The Basics of Doxing
Doxing is an Internet-based hacking attack. Hackers expose personal information in order to intimidate a person and threaten their well-being.
The word comes from the term, "dropping docs." Hackers would take entire documents containing personal information and release them to the Internet. Some hackers continue to do that today, but others find information and spread it through tweets and posts.
Doxing can occur to anyone. Someone can do it for political reasons, namely to intimidate a person they disagree with. But they can also dox to get revenge against someone or to have some fun.
You may have seen doxing spelled as "doxxing." The correct spelling is with one x, but many organizations write it with two. You may spell it with two, especially to differentiate it from the word, "doing."
Sensitive Personal Information
Many pieces of information can be subject to doxing. A person's name, address, and contact information are most commonly exposed.
Cyber vigilantes like to reveal phone numbers, email addresses, and private social media accounts. This allows people to spam the target and prevent the target from reaching their friends and family.
Personal photographs can also get leaked. People like to expose intimate pictures, including ones of a sexual nature. But they may also expose photographs a person took with controversial people.
Some hackers manage to obtain bank account and credit card numbers. This leaves the target open to extortion and theft. But many cases of doxing do not involve financial damage, beyond a spoiled reputation.
Methods for Doxing
There are many ways that someone can obtain someone else's personal information. This includes several ways that are legal within the eyes of the law. If you want to defend your personal information, you have to know all of them.
Viewing Public Information
A lot of what you think is confidential is not confidential. Your name is not confidential information. A hacker can find your real name by looking at your social media accounts.
Someone can go to your city hall and find your birth certificate. That document lets them know about your date of birth, what city you were born in, and your parents' names.
Anyone can go to the clerk's office to get your marriage certificate. The certificate details the name of your spouse and where your marriage took place.
They can then travel to the county recorder's office to see if you purchased a home. If you did, they can know where your home is and what qualities your property has.
They may be able to go to your DMV and get your driver's license. The license lets them know about your Social Security number, weight, and height.
Arrest records are also public information. Any person can leak details about crimes you were accused of, even if you were innocent.
Social Media Stalking
It is not illegal for someone to stalk your social media pages. Many hackers gain information by sending a friend request to a target's account. When the target approves their request, the hacker can access the information on their page.
Another way a hacker can stalk is by tracing account names. Many people use the same username across various websites. Someone can type the name into a search bar and uncover different pieces of information.
A person commits phishing by sending out seemingly legitimate messages. They pretend that they are an authority figure such as a bank official. They ask for a target's information, and they use that information to hurt them.
Most acts of phishing occur through emails. Hackers can make their emails seem legitimate, plastering company logos and using website addresses similar to legitimate companies.
But it is also possible to phish through text messages and phone calls. Some hackers are able to display the real telephone number of a company on the caller ID. They then make a voice recording asking for a person's information.
Phishing is one of the most common ways a company can get doxed. Nearly 90% of organizations encountered at least one phishing attack during 2019.
It takes one attack against one employee for an entire company to get doxed. This makes it difficult for many companies to defend against attacks.
Social engineering involves psychological manipulation. A hacker manipulates someone into believing that revealing information is in their best interest.
Phishing is one common avenue for social engineering. But it is far from the only way a hacker can employ psychological manipulation.
Baiting involves placing physical media where someone will find it. The hacker relies on the target's curiosity. They put a CD-ROM or flash drive into their computer, which installs malware and steals their information.
A hacker can ask for someone's information as part of quid pro quo. They can hand out presents in exchange for email addresses and passwords. Many people want a gift, so they give out their information willingly.
Many people gain access to internal servers and buildings through piggybacking. They walk in behind an employee who holds the door open for them as an act of common courtesy.
Data brokers are professionals who find other people's personal information. They may be hackers, social engineers, or private investigators. They combine different techniques in order to get the target's details, and then they hand them over to a client for a fee.
Many brokers visit the websites of credit card and loyalty card companies. These websites track your spending and online habits, making it easy to obtain your intimate information. But most rely on common strategies for doxing.
Some brokers operate on the Dark Web. They may sell a person's information to someone else on the dark web, allowing that individual to use it as they wish. This can lead to theft and extortion.
Hackers can design malware for doxing. They can send malware inside phishing emails. The target downloads the program and the program redirects their information to the hacker.
A hacker can also download malware onto a target's computer. They then pose as an IT professional, claiming they will help the target remove the software. In the process of "helping" them, they get the person's information.
Malware is getting more complicated over time. Keylogger programs track the keys a person types on their keyboard. Passwords, search results, and private messages all go straight to the hacker who made the program.
Once a hacker obtains a target's phone number, they can use a reverse lookup program. Many services allow customers to gain a person's details once they have their phone number.
This includes the individual's home address. Once the hacker has the home address of a person, they can find criminal and financial records.
Methods of Leaking
The final step of doxing is leaking a person's information. Some hackers will post personal details on Facebook, Twitter, and other social media websites.
Other hackers send information to the media or the police. This can result in criminal investigations against the target, even if they did nothing wrong.
They can also create their own website. They can use search engine optimization techniques so their website comes up first on search results. Their website can contain all of their target's intimate details and embarrassing information.
Effects of Doxing
The consequences of doxing are significant. Complete strangers can contact the target and harass them during all hours of the day. They may go to the target's house and send them troubling packages.
Someone can use a person's phone number and address for a swatting attack. They can call 911 and say that an emergency situation is going on at the target's house.
Armed police officers then arrive on the scene. Victims of swatting have been arrested, injured, and killed. Swatting is a criminal offense, yet many perpetrators hide their identities and get away with it.
Identity theft is another major effect of doxing. A hacker may impersonate their target to commit a crime, which can cause the authorities to blame the target. The hacker may steal money or property from them, using their personal details.
Many survivors of doxing feel upset and anxious. They may shut down their social media accounts, preventing their friends from contacting them.
Some people have changed addresses or jobs in order to avoid harassment. In rare cases, individuals have gotten police protection or gone into hiding.
How to Prevent Doxing
There are many ways to avoid falling victim to doxing. You should engage in all of them and be mindful about improving your cybersecurity.
Hide Your Personal Information
It is okay to have a social media page with your name and photograph on it. But you should control how much information you enclose on your page.
Enable your privacy settings so strangers cannot see the details on your page. Make it so that you have to approve a friend request from them to access your details. Do not accept a friend request from anyone you do not personally know.
Never post your address, email address, or phone number on social media. Try to avoid taking pictures of the interior or exterior of your house.
Some people start tracking other people's information based on their political posts. Be careful about what political beliefs you want to share. Limit your posts so that only your friends can see them.
You should learn how to recognize phishing scams. Most phishing emails say there is a problem with your account. Check your account to see if there is a problem, and delete the emails if there are no problems.
Nearly all phishing emails will ask directly for your personal information. No banks or financial institutions ask for customer details through emails. You should delete any email with such a request.
Look at the email address of the sender. If there are typos in it or if it is from someone you don't know, delete the email right away.
Never click on a document attached to a suspicious email. Just opening a file on your computer can result in an infection. Once you delete the email, you should block the sender.
Be careful when you use a public Wi-Fi spot. Some hackers create public spots or log onto them and steal people's information. Never log onto accounts or send personal emails while you are connected to one.
Never download any files that seem suspicious to you. You will not receive updates for applications you have on your computer through emails.
Never put a CD or flash drive into your computer that you find on the ground. Give it to an IT professional and have them investigate where it comes from.
Install virus protection software on your computer. You can install an AI machine learning vulnerability scanner that continuously checks your computer for security problems.
Fight Back Against Doxing
You can fall victim to doxing. Someone can obtain your personal information and leak it. You can get harassed or have your identity stolen.
Doxing can occur in many different ways. Someone can create malware that steals your information. But most hackers use social engineering and phishing in order to get your details.
You can use some basic strategies to avoid doxing. Limit the amount of information you share online. Do not open emails or download files that seem illegitimate.
Get software that will keep your information safe. SecPoint offers advanced IT security tools. Contact us today.