All about doxxing: How it works and how to help prevent it 

It’s derived from the term “dropping docs (documents)” but what is doxxing exactly and how and why do people “dox” others? Join us in learning all about doxxing, what it could reveal about you, and why it can be so damaging to our personal and professional lives as well as extremely embarrassing. Above all, we reveal how to help protect yourself. Explore Avira Prime for powerful, premium online privacy and protection, including dark-web notifications.  

 

What is doxxing? 

What’s the official definition of doxxing—or is it doxing? You can use both spelling variations, although “doxxing” tends to be more common. It refers to a form of cyberbullying that uses sensitive information (like records or statements) to harass, humiliate, expose, or blackmail a victim when their data is released without their consent. Here’s a quick, three-word definition that puts it more succinctly: Doxxing is personal information exposure. Of course, this could also happen in the “real” (or physical) world, such as someone stealing a secret, hand-written letter, or printed paper but these days the internet has given cyberbullies a treasure trove of data to steal. It has also provided them with a much larger audience.  

Where did it all start? In the murky cyber-world of hackers in the 1990s, anonymity was sacred, and participants closely guarded their alias. During hacker feuds, rivals would sometimes leak information (like someone’s real, physical address) that revealed the true identity of a hacker. This became known as “dropping docs” (or “doxx” in 90’s internet slang). Ironically, this term for stripping away anonymity was coined by the hacker collective Anonymous.  

Who are “doxers” and what are their motives?  

Let’s start with you as a theoretical victim. How anonymous are you? Did you know that you can even dox yourself? It’s a great way to find out how much of your private information is on the internet, so you can filter it and remove anything you don’t want in the public eye! Start by Googling your name. Then take a close look at the information you’re sharing in your social media accounts, as well as who can access this. Can friends of friends view your Facebook profile?  

Most doxxing is intended to be harmful and involves exposing details about a third party who never gave their consent. Popular targets for this type of cyberbullying are journalists, politicians, and activists, but it could be anyone who has upset somebody else. Doxer motives range from taking personal revenge to achieving political aims, like pressuring a political figure into taking certain action ahead of a key vote. For example, the “hacktivist” group, Anonymous, released names of suspected KKK members. Pro-democracy leaders in Hong Kong have been targeted by supporters of the Chinese Communist Party.

Other doxers seek to expose criminals or simply humiliate an unfaithful spouse. In some cases, victims are even accused of a fictitious crime and police are sent to their home. Let’s explore what happens during doxxing, so you can recognize it, report it, and help keep yourself safer online.  

How does doxxing work? Take a look at these popular doxxing methods 

Remember the tale of Hansel and Gretel and their trail of breadcrumbs? Information and digital clues about people are usually scattered everywhere online and are sometimes referred to as “breadcrumbs”. Doxers act as patient pigeons, gathering up these data crumbs to build a digital picture of their victim. You’d be amazed how much information is publicly available online, including real-estate papers, government records, marriage licenses, voter registration logs, and even the personal data that people publish themselves on social media. Do you operate a business or even a website? Information like your name, email, telephone number, and physical address will all be logged, ready to be found.  

Doxers also find the following data nuggets about their targets useful: social security numbers, private correspondence, personal photos…and of course a criminal history or embarrassing personal details are gold-dust!  

In addition to doing their own research online, doxers can also employ data brokers who will mine for personal information. These commercial agents sift through online and offline sources—from internet search histories to customer loyalty cards—and build up a profile of the intended victim. Savvy doxers also buy and sell personal info on the dark web.

Malicious actors (also called “bad actors”) are those who engage in online activity designed to cause harm. They’re adept at using various techniques such as spyware to track victims. They also send phishing emails that could trick you into revealing personal information such as log-in details. Social media accounts are a potential treasure trove of information, making social media stalking a popular doxer pastime. Did you just accept a friend request from a stranger? Beware. You could be granting them access to a wealth of personal details, such as your friends, photos, location, workplace, hobbies, the places you have visited or “checked in”, the names of family members, and even the names of your pets! And hopefully you’re not using the name of your dog as a password, or you’ll be helping them break into your online accounts too…

Beware of these other popular doxxing methods: 

Reverse mobile phone lookup services like Whitepages let you type in any telephone number to find out who owns that number. If you’re willing to pay a fee, sites like these can also unearth other personal details. So, if hackers find your mobile phone number, it can serve as a doorway to other information about you. 

Packet sniffing refers to the use of applications that read data packets as they traverse the internet. Doxers run these packet sniffers on unsecured networks so they can intercept your online data as they look for passwords, credit card numbers, bank account details, and other confidential information.

Hacking is an option open to those with the patience and skills to obtain data that’s not available from public sources. Popular hacker tricks that aid doxxing include spreading viruses and malware, password cracking (where the attacker utilizes specialized software to find out the victim’s password) or launching brute-force attacks (the hacker uses trial and error to guess a password).  

Tracking usernames is another doxer technique and if you use the same username across a wide variety of sites, you can make it easier for them to gain access to your online accounts. They can then build up a picture of your interests and what you do online.  

Tracking IP addresses may lead doxers to discover your IP address and then unmask your physical location. They could then attempt to hack into the network or use social engineering to trick your internet service provider into revealing more information about you by, for example, filing complaints about the owner of that IP address.   

Running a WHOIS search on a domain name lets doxers learn who owns that domain name. Anyone who owns a domain name has their information stored in a registry that is often publicly available via a WHOIS search. Unless personal identifying information has been deliberately obscured, it’s available online for anyone looking.  
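
To check how much of your own domain registration is visible, the following added example (not part of the original article) parses WHOIS output and lists the contact fields that are not redacted. The sample record, the list of redaction markers, and the function names are assumptions constructed for illustration.

```python
import re

# Phrases registrars commonly put in withheld fields (assumed list; extend as needed).
REDACTION_MARKERS = ("redacted", "privacy", "withheld", "data protected", "not disclosed")

# Contact roles and attributes that can identify a person.
PERSONAL_FIELD = re.compile(
    r"^(registrant|admin|tech)\s+"
    r"(name|organization|street|city|postal code|phone|fax|email)$",
    re.IGNORECASE,
)

# Constructed sample WHOIS output for a fictional domain; not real data.
SAMPLE_WHOIS = """\
Domain Name: example-bakery.test
Registrar: Example Registrar LLC
Registrant Name: Jane Doe
Registrant Organization:
Registrant Street: REDACTED FOR PRIVACY
Registrant City: Springfield
Registrant Phone: +1.5550100
Registrant Email: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Email: jane@example-bakery.test
Tech Email: Contact Privacy Inc. Customer 0000
"""

def parse_whois(text):
    """Split 'Key: value' lines into (key, value) pairs, keeping their order."""
    pairs = []
    for line in text.splitlines():
        if line.lstrip().startswith(("%", "#", ">>>")) or ":" not in line:
            continue  # skip comments, footers and free text
        key, value = line.split(":", 1)
        pairs.append((key.strip(), value.strip()))
    return pairs

def exposed_fields(text):
    """Return contact fields whose value is present and not visibly redacted."""
    exposed = []
    for key, value in parse_whois(text):
        if not PERSONAL_FIELD.match(key) or not value:
            continue  # not a personal contact field, or left empty
        if any(marker in value.lower() for marker in REDACTION_MARKERS):
            continue  # registrar or privacy service is masking this field
        exposed.append((key, value))
    return exposed

if __name__ == "__main__":
    for key, value in exposed_fields(SAMPLE_WHOIS):
        print(f"EXPOSED  {key}: {value}")
```

Any field this reports for your own domain is one to raise with your registrar or cover with its privacy service.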

Live and learn: See these examples of doxxing in action 

Doxxing attacks range from the relatively harmless (such as signing someone up to online newsletters or having a hundred pizzas delivered to their address) to far more dangerous and sinister practices that aim to destroy personal and professional reputations and relationships. Here are some better-known examples of doxxing that hit the headlines.  

Do you think you’ve been doxxed? Act fast to help protect yourself! 

Firstly, try not to panic and take these steps to make sure you really have been doxxed. Then, if necessary, act quickly to help protect your privacy and personal information, as well as prevent any further damage.  

Start by reviewing your email accounts for suspicious or threatening messages as these are the most obvious sign that someone has already doxxed you or is planning to. Perhaps the message will attempt to blackmail you by threatening to release personal information unless you take certain action?  

Do a web search (with a search engine like Google) for your name, usernames, and any other identifying information you think may have been exposed. Does it appear in the top results or is it buried way down where people are unlikely to find it?  

Then head to your social media, including Facebook, Twitter, Instagram, and others. Scan your profiles and check for any posts or comments that reveal your personal information. While you’re there, check your privacy settings and see this blog for the top five Facebook privacy changes you should already have made.  

Take a close look at any online forums or communities you participate in. Has someone shared your name or confidential information or is anyone posting on your behalf?  

And was it really you who bought 50 dancing plastic pineapples on Amazon? Doxxing can also lead to identity theft so monitor your online accounts, particularly your bank and shopping accounts. Read up on how to spot if your Facebook has been hacked or whether someone has hacked into your email. It’s advisable to lock down all your online accounts by changing your passwords (and making sure they’re all strong and unique to that account) and enabling two-factor authentication. If your telephone number was released, you may want to change that too.  

Engage the help of third parties. Don’t be afraid to ask friends, family, and contacts to help by keeping a lookout for your personal information online or any suspicious social media activity that’s been posted on your behalf. If you have been doxxed, it can be an emotionally trying time, and support from those you trust can help you through it.  

Don’t take doxxing lightly! In case you want to call the doxer to account (more on this later), make sure you gather evidence by taking screenshots or downloading documents. And speaking of arming yourself for a potential legal battle, let’s dip a toe into the waters of legislation on the matter. Beware: They’re murky.  

Is doxxing illegal? As lawyers love to say: “That depends”  

There are currently no specific anti-doxxing laws in many jurisdictions, which victims may find frustrating. It still tends to be a vast grey area that’s dealt with on a case-by-case basis. While it’s not generally illegal to gather and publish information that’s publicly available there are crimes that doxers can be punished for, such as harassment, identity theft, stalking, blackmail, and intimidation. In other words, it’s what the doxer intends to do (or is doing) with your information that could land them in hot water.  

Even if you’re embarrassed by what’s been leaked, silence is not your friend. It’s important for doxxing victims to take action in order to limit the impact of the incident and help ensure that the perpetrator is punished (or at the very least discouraged from this type of cyber bullying). Anti-doxxing laws are toughening up. In the UK, doxing is considered a form of harassment and is therefore illegal—but it currently doesn’t constitute a specific criminal offence. Anyone who commits doxing can fall foul of a range of legislation (including the Protection from Harassment Act 1997 and Malicious Communications Act 1988). The Dutch Senate recently voted to make doxxing a crime and this was enshrined in law in early 2024. Ahead of the game, Hong Kong passed an anti-doxxing bill in 2021 and offenders face a fine of HK$100,000 (around $1.270) and imprisonment for two years! Doxxing laws in the US vary by state and Kentucky’s pioneering anti-doxxing bill became law in 2021.

It’s always worth checking if the doxer has violated the terms of service of a website. If you notify the website, they may suspend the doxer’s account. Twitter, for example, prohibits posting private information about another person without their permission. Meta also adopted new doxxing policies in 2022, so users can no longer share (publicly available) private home addresses. It’s also working to make its Privacy Violation reporting option faster and easier.  

If doxxing involves serious threats, harassment, or illegal activities, contact your local law enforcement agency, and file a report. They can then help you take appropriate action, and the perpetrator could be banned or prosecuted. Remember to collect all that documentary evidence that we mentioned earlier (and consult an attorney for legal guidance)!  

Does doxxing affect more women than men?  

In theory anyone can be doxxed, but in reality many experts believe that women are more likely to be targets of this type of cyberbullying and harassment. A 2020 report by The Economist Intelligence Unit (EIU) surveyed 51 countries and concluded that online intimidation of women is depressingly common. 45% of Generation Z and Millennial women reported being affected while 85% of surveyed women of all ages reported witnessing online violence against other women. This figure leapt to an alarming 90% among women in Africa, Latin America and the Caribbean, and the Middle East.

Tragically, cyberviolence hampers gender equality and violates women’s rights. The Council of Europe is working to target this widespread problem and encourages states to address cyberviolence as they would any other form of violence against women—with perpetrators being investigated and prosecuted.  

Help prevent doxxing with your own anti-doxxing prep plan! 

Prevention is always better than the cure. It’s vital to review your online presence for possible security vulnerabilities and try to maintain a low online profile. It might be tempting to be an Insta King/Queen but be mindful of what personal details you’re sharing and who can see them. Here are some top tips for crafting a less identifiable digital you:  

 

As a final thought: Imagine that someone is trying to dox you and ask yourself: “What will they find?”. Make sure you know what information about you is out there and lock yourself down so it’s harder to access. And be aware of public records, like your tax documents. Also consider digital tools and services from reputable online security providers that can help keep your devices, data, and identity safer from malicious actors, online threats, and anyone trying to track you.  

Help protect your personal data and digital identity with Avira Prime  

Cybercriminals, and anyone trying to track you, can be relentless and are becoming increasingly sophisticated at laying their hands on your vital data. A multi-layered approach that blends online privacy and protection may be more effective.  

 Avira Prime offers a single, convenient solution to those trying to stay safer and more private online. Whether you like online shopping, banking, or just browsing, you can feel more secure with your day-to-day online activities—and rest assured that online threats (and prying eyes) are less likely to sneak onto your system. It includes Antivirus Pro, Software Updater, and more—plus the Password Manager and VPN mentioned earlier.  

Crucially, Avira Prime also comes with Dark Web Monitoring, which scans the web (and dark web) to see if your email address has been compromised. You’ll be notified if your email address is found on the dark web. 

Run a Smart Scan to quickly help seek out (and then help fix) any privacy issues, malware, and apps that need security updates. And if it’s a leaner, faster machine you’re after, the included performance tools will help declutter and can speed up your device.  

 
