Doxxing refers to someone gathering pieces of personal information and posting them online - whether on a private page or in a more public location. In many cases, the intent is to harass the person or to lead others into harassing them. Doxxing has many dangers associated with it, but there are several ways to protect against this malicious activity.
Dangers of Doxxing
Doxxing is typically a targeted attack. Someone might have a social media post go viral, or be well known in a particular hobby group or social circle. Perhaps they have opinions that differ from the doxxer's, such as sensitive or political topics. And the damage that can be done is wide-ranging.
The most concerning is called “Swatting”. An individual calls law enforcement with a tip about a violent criminal or a similar figure that results in police bringing special units to the location. The target of this harassment has no idea what's going on, and this misunderstanding could lead to severe consequence.
Depending on the level of violence and disruption, a user could be forced to change email addresses and phone numbers. If their workplace is known, it may result in job termination due to the volume of disruption and false reporting.
How Does Doxxing Happen?
There are many ways to get personal information online. An individual may not realize how many clues they give away when posting about their life, work, leisure activities and other personal information. Social media profiles that are open to the public are goldmines of data. Third-party data collectors also have a wealth of information, which may be added to what the person doxxing already knows.
Databases that get passed around in hacker communities make it possible to break into personal accounts and get more knowledge as well. If a person uses the same username and password on all of the sites they access, and one of those accounts gets compromised, it's a simple matter to get into the rest of the information. That’s one reason why strong, encrypted passwords are so critical – including the use of multi-factor authentication.
Why People Dox Others
The motivations behind doxxing come in many forms. A person might feel they’ve been attacked, insulted or slighted by their target. They could be seeking revenge for this incident. If someone is outspoken on the internet and has controversial opinions, they could put themselves in the crosshairs of someone with opposing viewpoints. Usually, this type of reaction occurs due to hot button issues, rather than run-of-the-mill disagreements.
People who use Twitch and other live streaming services could end up making a fan upset if they must ban that person for inappropriate behavior. Followers sometimes assume they have a closer personal connection than they actually do. Regardless of the motivations behind doxxing, it can put people in an uncomfortable and potentially deadly situation.
How to Avoid Getting Doxxed
The best way to limit damage from doxxing is to avoid the situation entirely. Here are several ways to stop potential doxxing attempts in their tracks:
Use a VPN
A virtual private network offers excellent protection from exposing IP addresses and physical addresses of an individual. The VPN takes the user's internet traffic, encrypts it, and sends it through one of the service's servers before heading out to the public internet. In a previous blog, we outlined several VPNs that take privacy and security very seriously.
Limiting Personal Information Online
People must go to much greater lengths to dox a person that doesn't share personal information online. Social media sites often ask many of invasive questions, which can lead to attackers learning more than enough about their target. By keeping this information offline entirely, doxxers usually move on to someone else.
Auditing Social Media Posts
Over the years, social media profiles fill up with all sorts of data about the person and their past. Take the time to go through social media accounts and delete posts that contain too much personal information. Even if you didn't post it directly, look for comments that may accidentally share this type of data as well.
Ask Google to Remove Information
If personal information appears in Google search results, the individual can request that it get removed from the search engine. Google makes this a simple process through an online form. Many data brokers put this type of data online, usually for background checks or crime check information.
Avoid Online Quizzes
Some quizzes ask a lot of seemingly random questions, which are actually the answers to common security questions. Plus, it gives attackers more data to work with. Supplying an email address or name to go along with results makes it even easier to associate information from other data sources.
Practice Good Cybersecurity Practices
Put anti-virus and malware detection software in place that can stop a doxxer from stealing information through malicious applications. Regularly update software to avoid any security bugs that could lead to being hacked and doxxed. Once an operating system reaches the end of its supported life, switch to a newer version to decreased security vulnerabilities.
Change Passwords Regularly
Data breaches happen all the time, so it's usually only a matter of time before a username and password combination gets out in the wild. By switching every month and using a password manager to create complex codes, it's harder for a hacker to break into accounts. An individual can consider using two-factor or multi-factor authentication as well, which requires more than just a username/password combination to access the application.
Doxxing is a serious issue made possible by easy access to personal information online. Staying safe in an online world isn’t easy, but following cybersecurity best-practices can help.
Learn more about keeping your data safe online with the following Resource Links: