Welcome back to Cyber Threats 101! We’re onto Chapter 3 of our A Busy College Student’s Guide to Online Security.  In this chapter, we’ll learn more about “doxxing”,  its origins,  and tips on how to avoid getting doxxed. Let’s get started!

What is doxxing?

“Doxxing” or “Doxing” is when someone searches and publishes personal and private information about someone else on the Internet with malicious intent.

Wait, didn’t I hear about doxxing in the news recently?

Quite possibly! Doxxing has become a trending phenomenon ever since “Gamergate” in 2014, when women in independent game makers and critics, mainly women, were doxxed by gamers who didn’t want the “traditional, patriarchal, dude-dominated gaming culture,” to change.

Both private and public citizens have been doxxed–from the inventor of Bitcoin, to celebrities like Beyoncé, Britney Spears, and Mel Gibson, to the Los Angeles Police Department, and, more recently white supremacists from the deadly rally in Charlottesville, VA.

How would someone get my personal information?

Heimdal Security outlined several different ways hackers can find your personal information:

  • Your Online Posts: Everything you post on social media, forums, and message boards can be used to extract information about you, like which country you live in.
  • Packet sniffing: A hacker will intercept the Internet traffic between your Router and PC, in an attempt spy on your online activities in real time, and capture data like your email, passwords, financial information, and more.
  • File metadata: Microsoft Office files often have “metadata”, which contains info about who made the file, the date it was created, and from what computer. Photos also have something similar called EXIF data, which can reveal photo resolution, the time the photo was taken, and the location if your GPS was enabled.
  • Your IP address: Cyber criminals have also used tools called IP loggers to find your IP address.

What kind of data do people publish online?

The information doxxers post online varies. Full names, home addresses, phone numbers and email addresses are the most common. But hackers have posted more sensitive information and documents, including social security numbers, credit reports, property records, campaign contributions, names of family members, and intimate personal photos.

How can I protect myself from doxxing?

Here are a few tips to protect your physical and digital identity from doxxing:

  • Use a Virtual Private Network (VPN) to protect your IP address, and encrypt your data and Internet traffic.
  • Be cautious of the information you post, the photos you upload, and who you friend on social media sites. Adjust your security settings to control who can see the information on your profile.
  • Use a separate email address–that does not contain any personally identifiable information–when you register for a new online account.
  • Clean up your digital footprints. Use a tool like Pipl to locate where your personal information is accessible on the web and remove them promptly. While you’re at it,  delete old accounts you no longer use.
  • If you have a blog or website, remove your personal information from WHOIS. WHOIS is a public database of registered websites, which includes data like your name, street address, phone numbers, and more.

Did you enjoy reading this guide? Go back to read Chapter 1: Social Engineering & Phishing Attacks and Chapter 2: Ransomware.