The word “doxing” is an abbreviation for “dropping documents (dox).” It refers to a hacker or other malicious actor who researches another person or organization and then publishes his findings without permission. Over the last few years, we have seen how influencers, politicians, and celebrities get doxed. They are high-profile targets, of course, but anybody can become a doxing victim.
The specific information that a perpetrator chooses to publish depends on their goals. For example, it can go from home address to contact or banking information.
This article will explain what doxing is and how it happens in full detail. Understanding it will help you protect yourself successfully. As often happens with digital security, awareness is the first defense line.
So how does doxing work?
Doxing (also “doxxing”) is a malicious act performed by an actor who aims to expose somebody else’s identity or digital activities to somebody who would remain anonymous and private instead. It’s all about harassment and/or humiliation.
Today, our personal information is floating around the digital ether more than we would like (or are aware of). Thus, a doxer can get much information to drop on their victims without using criminal resources.
Have you ever uploaded a CV to a job-hunting website? Such a document would probably expose your email address, home address, and phone number to anybody who could find it online. Something similar applies if you own a domain name or have previously registered one. These are just two examples but think about your Facebook, Instagram, Twitter, and other accounts and how much they reveal about you.
What are some standard doxing methods?
So how can this happen? Unfortunately, any person with some degree of digital literacy has plenty of resources to find out about you online. Here are some of the things they can do.
Close observation of social media
Once a social media profile of any platform is set to public sharing, all its information is up for grabs for any internet user. And something whose curiosity is determined enough can even find out things you thought you were keeping to your closest friends and family members.
And remember your security questions. They are often based on sibling or pet names, your High School’s name, etc. All that information could be on your social media, available to the public, providing clues about your security questions on other websites.
Every domain name on the internet has an owner registered in the WHOIS databases. That database often includes sensitive information about the individual or organization owning a domain, such as phone numbers and addresses (email or physical). Searching for this info is straightforward and takes next to no expertise.
Doxers also like to keep an eye on individual usernames across different apps, websites, and platforms. Then, they put all that information together to create a profile on somebody.