Jan 14 2022

What Is Doxxing?

doxxing, short for "dropping documents," is a cyberbullying technique that involves the malicious exposure of sensitive or secret information about an individual with the intent to cause harm, harassment, financial loss, or other forms of exploitation. This practice gained prominence in the 1990s, originating from hackers unveiling the true identities of adversaries hidden behind pseudonyms. The term "doxxing" has become especially prevalent in contemporary culture wars, where individuals supporting opposing causes become prime targets.

Prepare to Protect Your Data in a Changing Security Landscape

How Does Doxxing Work?

doxxing capitalizes on the wealth of personal information available on the internet, often protected by varying levels of security. Cybercriminals, activists, or other malicious actors employ various methods to uncover and weaponize this data against their targets. Techniques include tracking usernames across different online accounts, running WHOIS searches on domain names, exploiting phishing scams, stalking social media, sifting through government records, tracking IP addresses, conducting reverse mobile phone lookups, using packet sniffing, and leveraging data brokers who collect and sell personal information.

Impact on Businesses and the IT Industry

The repercussions of doxxing extend beyond individuals, affecting businesses and the IT industry. As businesses increasingly rely on online platforms, they become potential targets for doxxing attacks. Exposure of sensitive business information, employee details, or proprietary data can lead to reputational damage, financial losses, and compromised cybersecurity. The IT industry itself faces the challenge of defending against doxxing, with professionals employing encryption technologies, robust cybersecurity measures, and employee training programs to mitigate risks.

Is Doxxing Illegal?

While doxxing itself is not inherently illegal, the manner in which the exposed information is used may constitute illegal activities, especially if it involves stalking, threatening, or harassing the target. Certain types of doxxing, such as revealing information about government employees in the United States, are explicitly illegal, falling under federal offenses.

How to Prevent Doxxing

Preventing doxxing requires a proactive approach to safeguard your online presence. Employ the following strategies to minimize the risk of falling victim to these malicious attacks:

  • Virtual Private Network (VPN): Utilize a VPN to encrypt internet transmissions, rendering them secure and inaccessible to potential doxxers
  • Strong Password Practices: Create unique passwords for each account. Consider employing a password manager for added security. Or even better, go passwordless.
  • Avoid Phishing: Verify the legitimacy of emails from banks or credit card companies to avoid falling prey to phishing scams.
  • App Permissions Management: Be selective when granting app permissions, especially access to social media information.

How to Report Doxxing

Reporting doxxing incidents is crucial for swift action. If you discover that you or someone else has been doxxed, informing relevant parties such as financial institutions and law enforcement is essential. Prompt reporting provides the necessary groundwork for addressing potential threats and holding perpetrators accountable.

Swift reporting of doxxing incidents is crucial for mitigating potential harm and holding perpetrators accountable. Follow these steps when reporting a doxxing incident:

  • Inform Law Enforcement: Share details with law enforcement if the doxxing involves threats or potentially illegal activities. 
  • Document the Incident: Capture screenshots of doxxing content and affected web pages. Maintain a written record detailing the sequence of events, aiding authorities in their investigation.
  • Protect Financial Accounts: Contact your bank or credit card provider promptly to secure your financial accounts. Monitor for any suspicious activity and report unauthorized transactions immediately.
  • Fortify Online Privacy: Strengthen privacy settings on all online accounts. Change passwords for affected accounts to prevent further unauthorized access.

What To Do if You Are Doxxed

In the unfortunate event of falling victim to a doxxing attack, immediate actions are crucial. Report the incident, involve law enforcement if necessary, document the occurrence with screenshots and web pages, protect financial accounts, fortify online privacy settings, and seek support from trusted individuals. Timely and decisive steps can help mitigate the impact of a doxxing incident and protect against further harm.

tdub303/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.