Doxing: most used techniques and how to prevent it

As reported by Protek, the most common cause of data theft in 2021 was the theft of user credentials. A method that amounts to 20% of cases. Can you imagine all the damage that cybercriminals can cause having your passwords in their possession? Now, methods like doxing, phishing, and malware keep popping up to further boost these statistics. Is there a way to stop them?

Unfortunately, there are unscrupulous people on the Internet who seek to take advantage of security holes. Find out how you can protect your information online.

What is doxing?

The term doxing (sometimes spelled doxing) comes from hackers. It was an acronym for “dropping documents”, “docs” or “dox” which referred to documents on an adversary.

Motivations for using this information range from personal revenge to political ends. However, there are hundreds of examples of people who have been harmed as a result of this practice. Doxing someone means divulging their personal or private information, which can result in a harmful or embarrassing act.

Indeed, the Internet has made it much easier to find and disseminate this information to a wide audience. For example, in an act of doxing someone’s personal information, such as their home or work address, can be revealed. Also, your phone number, private images, criminal record, etc.

Originally, it was used to unmask anonymous users. But, currently, it is associated with malicious actions against people, companies, organizations, etc., with whom you disagree and want to publicly humiliate. And they consist of the dissemination of private information of the victims on the Internet without their consent. For example:

  • Physical address and email.
  • Private correspondence.
  • Personal phone numbers.
  • Bank data.
  • Social security number or medical records.
  • Job site details.
  • Compromising personal images.
  • Criminal record.

What are the consequences of doxing?

Indeed, doxing survivors may face bullying, threats of physical violence, shame, fear, anxiety, and depression. But is the practice illegal? The answer is complicated.

It is generally not a crime to post information that is already publicly available about a person. Let’s say, it’s not illegal for you to tweet someone’s office phone number that you copied from their website. Otherwise if you tweet a personal phone number that you managed to steal from a device.

In other words, doxing is generally illegal if the data is taken by the doxer through illegal activity. Even if you just mislead someone with available information, you could face civil lawsuits or criminal charges. The laws in this regard are still evolving; but it is clear that, although all cases may not be illegal, practicing it is unethical.

Cybersecurity tips to avoid doxing

Cyber ​​criminals and trolls can be very clever at tricking you. However, here are some mechanisms you can use to prevent an attack:

  • Adjust your social media settings.
  • Make sure your profiles and usernames are kept private.
  • Remove specific addresses, workplaces, and locations from your accounts.
  • Set your posts to “friends only”.
  • Avoid discussing personal information that could be used against you. Also, anything that can identify your address, place of employment, or contact information.
  • Use a Virtual Private Network (VPN).
  • If you must use a public Wi-Fi network, turn off public network sharing on your device.
  • Use strong passwords.
  • Vary usernames and passwords on different platforms.
  • Hide your website’s domain registration information in WHOIS (a database of all registered domain names on the web).

What to do if you are a victim?

First of all, victims of doxing should never stand up to their attackers alone. From the get-go, victims should contact law enforcement, filing a formal complaint against the person and asking the sites hosting the information to remove it.

  • Report and block the abuser using the tools available on the platform where the bullying is taking place.
  • Take screenshots of all the details that may be relevant to support your case.
  • Make sure all your social media accounts are private; consider pausing for a while.
  • Inform your friends or relatives of what is happening; especially if your home or work address has been exposed.
  • Let your bank know what is happening; make sure your credit card details are protected.
  • Consider contacting your local police. While doxing itself may not be a crime where you are, financial fraud and the resulting physical harm is.

How does this type of threat work and how many types are there?

Those who practice doxing are known as doxers, individuals in charge of collecting information on the Network. In some cases, their tracking takes place on the Deep Web or deep Internet. Regarding the methods used by doxers to gather information on their targets, they are varied:

  • Among the techniques used is an old acquaintance: phishing. Through it and spear phishing they usually obtain confidential data.
  • In addition, they intercept the latter when they are sent by a user. It is what is known as sniffing.
  • To achieve their ends, some doxers perform Whois lookups. This database makes it easy to determine who owns a domain name or IP address on the Internet. Therefore, it is recommended to hide domain registration information in Whois.
  • By obtaining users’ IP addresses, they impersonate the telecom provider’s technical support staff and try to get the provider to reveal sensitive customer data.
  • Likewise, the doxers investigate the profiles of social networks. Through them they obtain data of interest and even clues about your access credentials.
  • In the same way, they use companies specialized in the traffic of confidential information.

How to protect your data in contact apps

To protect you from these practices and practice safe cyberfooling, recommended steps:

  • The apps should guarantee, as much as possible, the veracity of the profiles (at least the identity).
  • Users should review the permissions and privacy policies of these apps.
  • Every person who registers should be aware of all the personal information that is provided to the app and to other users.
  • Users should try to minimize the personal information they share.
  • Right now, the apps are including a new lock feature that stops screenshots in private conversations. This system prevents the sharing of chats or any element of the application, such as photos or information, and guarantees privacy and the possibility of those screenshots being used as blackmail.