Doxing (also spelled doxxing) is a type of online harassment that involves revealing someone’s personal information, such as their real name, address, job, or other identifying information, and posting it publicly, usually on the Internet. Doxing occurs without the consent of the victims, when an attempt is made to display information that was intended to be private.
The term “doxing” comes from the English word documents. The hacker culture of the 1990s shortened the term to “docs”, and later to “dox”, referring to the collection of documents or personal information, such as mailing address, and their subsequent publication online. The Anonymous hacker group helped popularize the term.
What Does Doxing Mean?
Today, doxing means posting someone’s personal information on the Internet without their permission. It can also specifically apply to discovering the real identity behind an anonymous username and exposing it on the Internet.
Some doxing attacks are based on harassment or revenge, while others target people who post bigoted comments online or record themselves promoting such beliefs.
Although the concept is decades old, doxing is still alive and well, and can be very dangerous, especially once it becomes widespread. When a person’s physical address, place of employment, phone number, email, or any other information is available, they can be an easy target.
Doxing attacks range from the relatively benign, such as email subscriptions or fake pizza deliveries, to the most dangerous, such as stalking someone’s family or business, swatting, identity theft, threats, and other forms of cyberbullying. , or even bullying in person.
How Does Doxing Work?
Doxers collect breadcrumbs, little bits of information about someone, scattered across the internet, and piece them together to reveal the real person behind an alias. These breadcrumbs may include the target’s name, physical address, email address, phone number, and other information. Doxers can also buy and sell personal information on the dark web.
Traditionally, doxing stemmed from an online discussion that escalated until one of the participants sought information about the adversary. Today, doxing has become a popular tool in the culture wars, with activists doxing people with opposing ideologies. Many celebrities and journalists have been doxed, leading to online harassment and even death threats.
Tracking down private information is an important part of what doxing entails. And although many people think that the Internet is anonymous, it is not. There are many ways to identify someone on the Internet.
Types of Doxing
Doxers have a variety of methods they use to gather information on their targets. They can exploit your IP address, check your social media profiles, buy data from data brokers, use phishing campaigns, and even intercept Internet traffic.
IP doxing (or ISP doxing) occurs when doxers obtain the IP address, which is connected to the physical location. The doxer then uses social engineering techniques to trick the Internet Service Provider (ISP) into revealing more information about you.
The doxer uses a spoofing application to make your phone number appear to be one owned by the ISP in order to call the ISP and pose as a member of the technical support team. They can use the IP to request information from other clients, which includes:
- Your full name
- Email address
- Phone number
- ISP account number
- Date of Birth
- Physical address
- social security number
This requires a few steps, some manipulation, and a gullible ISP employee, but when these kinds of tech support scams work, the doxer can get a lot of private information with one phone call.
Doxing Through Social Networks
Social media doxing is the collection of personal information from your social media accounts. This information may include your location, workplace, your friends, photos, likes and dislikes, places you visit, names of family members, pets, and much more.
Some of this information may even provide doxers with the answers to your security questions, which they can use to break into your other accounts. For that reason, you should make all your social media accounts private.
If you use online social media platforms like Reddit, 4Chan, Discord, YouTube, or others, create different usernames and passwords for each service. If you use the same username on multiple platforms, a specialized doxer could link your accounts to create a detailed picture of your activity. Always be careful about the personal information you post.
Doxing of Data Brokers
Some doxers buy personal information about their targets from data brokers, which are companies that collect information about people and sell it for profit. Many data brokers sell your information to advertisers, but there are also people search sites that sell complete personal information to anyone.
Data brokers collect information from publicly accessible records (marriage licenses, government records, election records), customer loyalty cards (your physical or online purchases), search histories (everything you search for, read or download) and data from other brokers.
Phishing is the use of fraudulent communications to trick victims into revealing sensitive personal information. Doxers can use targeted spear phishing attacks against specific individuals to gather information about potential victims. While the ultimate goal of many phishing attacks is identity theft, the information obtained can easily be used in doxing attacks.
Read Also: What Is a Wi-Fi Network Security Key?
Learn how to recognize and prevent Apple ID phishing scams and other phishing attacks and avoid being tricked by doxers. And for even more protection, use the best antivirus software around, which will block phishing attacks and keep you safe from malicious email attachments.
Sniffing occurs when someone intercepts Internet traffic as it is being sent from the sender to the receiver. Internet traffic travels in small packets called data packets. A sniffer is a software or hardware tool that can pick up these packets and read the data they contain. A doxer can use sniffing to collect a person’s Internet traffic and analyze it for personal information.