“How does doxxing work?” This was the question I asked myself when I first heard about doxxing and people getting their private information exposed on the internet.
Trying to answer it led me down a rabbit hole of details that clued me into how people can find your information and what they can do with it.
In this guide, I’ll share what I learned with you – as well as steps you can take to mitigate the risk of getting doxxed.
How Does Doxxing Work?
Doxxing or “dropping dox” (or docs) on someone typically involves collecting small amounts of information left by a person all over the internet – and then releasing some or all of that information without their permission.
Doxxing attacks can often lead to online harassment and cyberbullying.
Some people have also been swatted (when someone sends law enforcement to their house with malicious intent), stalked, or even killed with the information acquired through doxxing. In other words, it’s a real threat and not something to be taken lightly.
Finding information to doxx you with can be done in several ways. Here are some of the most common among internet trolls and other bad actors:
One of the easiest ways people can find out more about you is through your username.
If you use the same username across multiple online accounts or apps – whether it’s for social media, posting on YouTube, forums, shopping accounts, and so on – a person who comes across you on one site or app can immediately find you everywhere else you hang out on the web.
All they have to do is type your username into Google or another search engine.
To mitigate this risk, use a unique username for every account. None of your usernames should include real-life information, like your surname or even your first name.
If someone has your name/phone number/email address/username, they can find out a lot more about you using a data broker site.
Data brokers – companies such as Spokeo, Whitepages, and Peoplefinder – operate by collecting and compiling pieces of information on individuals into a single profile and then selling that profile for a small fee to anyone interested in it.
The information that data brokers offer can come from a number of sources, including social media accounts like Facebook, Instagram, X, TikTok, or LinkedIn, as well as websites, news articles, retail outlets, and more.
Sometimes, data brokers also obtain sensitive personal data, including social security numbers. While they may not openly sell that information, a data breach can leave you open to identity theft and worse when your private data winds up on the dark web.
Many data brokers will give you the option of “opting out” of their services. You can find opt-out forms or email addresses to contact them and request the removal of your profile on their websites.
Keep in mind, however, that data brokers collect information continually to renew their databases, so you will need to repeat the process periodically to keep your data private.
Alternatively, there are data broker removal service providers like DeleteMe that can remove you from data broker databases on your behalf.
By default, public records are meant to be exactly that – open to the public. That means that anytime you’ve been arrested, gotten married, gotten divorced, had a traffic violation, obtained land, or anything of that nature, the record exists and can be viewed in person or even online.
In many cases, you can contact the court with the record and request that it be sealed to the public, but you will need to make a compelling case as to why the record should be sealed (for your safety, for instance).
Social media stalking
Social media stalking happens when someone digs through social media sites, finding as much information as possible about you.
Make your social media profile and biographical information private.
Remove personal details such as your real name, workplace, and relationship status.
Remove geolocation from your photos.
Avoid mentioning your family members in public posts.
Tip: By protecting your privacy on social media, you’re not only reducing the amount of information a doxer has to work with but also increasing your cybersecurity – and reducing the risk of cyber attacks. Hackers and cybercriminals use personal data on social media to guess login credentials (despite what many people still think, information like your spouse’s name is not a strong password) and bypass security questions.
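One way to act on the "remove geolocation from your photos" advice above, shown as an added example that is not part of the original article: a JPEG stores GPS coordinates in its Exif block (and sometimes in an XMP packet), so dropping those segments before posting removes the location. The sample bytes and function names are constructed for illustration, and the code removes the whole Exif/XMP block rather than only the GPS tags.

```python
import struct

# APP1 payload prefixes that can carry location: Exif (GPS tags) and XMP packets.
LOCATION_PREFIXES = (b"Exif\x00\x00", b"http://ns.adobe.com/xap/1.0/\x00")

def strip_metadata(jpeg: bytes) -> bytes:
    """Return the JPEG with Exif/XMP APP1 segments removed; image data untouched."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    out = bytearray(jpeg[:2])
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected segment marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # start of scan: the rest is compressed image data
            return bytes(out + jpeg[pos:])
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("corrupt segment length")
        segment = jpeg[pos:pos + 2 + length]
        # Keep every header segment except APP1 blocks holding Exif or XMP.
        if not (marker == 0xE1 and segment[4:].startswith(LOCATION_PREFIXES)):
            out += segment
        pos += 2 + length
    raise ValueError("no image data (SOS marker) found")

def has_strippable_metadata(jpeg: bytes) -> bool:
    """True if the file still contains an Exif or XMP segment."""
    return strip_metadata(jpeg) != jpeg

def _segment(marker: int, payload: bytes) -> bytes:
    # Helper for the sample only: marker, 2-byte big-endian length, payload.
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: correct segment layout, placeholder payloads (not a viewable photo).
SAMPLE = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xE1, b"Exif\x00\x00" + b"constructed GPS block")
    + _segment(0xDA, b"\x00") + b"scan-data\xff\xd9"
)

if __name__ == "__main__":
    cleaned = strip_metadata(SAMPLE)
    print("before:", has_strippable_metadata(SAMPLE), "after:", has_strippable_metadata(cleaned))
```

Run it on a copy of a photo and check the result with `has_strippable_metadata` before uploading; the image data after the start-of-scan marker is copied byte for byte.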
Whois is a simple service that lets you do a reverse lookup on a website’s URL or an IP address to find out the contact information of who owns it. Depending on the website registration type, it could include your full name, phone number, home address, and email address.
Most domain registrars offer the ability to make your real identity private or obscured, sometimes for an additional fee.
If you’re not sure about your domain, you can go to the Whois lookup tool and type in the URL. Ideally, the result will show that the registration is private (for example, “Registration Private” in place of your details).
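The check described above can be scripted for your own domains. This is an added example, not part of the original article: it parses the text of a Whois response and lists registrant fields that still hold what looks like real personal data. The field names, the redaction-marker list and both sample records are assumptions constructed for illustration; registries format their output differently.

```python
# Registrant fields that identify a person when published in Whois.
PERSONAL_FIELDS = (
    "registrant name", "registrant street",
    "registrant phone", "registrant email",
)
# Assumed heuristic: strings privacy services put in place of real data.
REDACTION_MARKERS = ("redacted", "private", "privacy", "proxy", "not disclosed")

def parse_whois(text):
    """Parse 'Key: value' lines of a Whois response into {key: [values]}."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue  # skip blank lines, comments and registry footers
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def exposed_fields(text):
    """Return {field: value} for personal fields that are not redacted."""
    record = parse_whois(text)
    exposed = {}
    for field in PERSONAL_FIELDS:
        for value in record.get(field, []):
            if not any(marker in value.lower() for marker in REDACTION_MARKERS):
                exposed[field] = value
    return exposed

# Constructed sample records (fictitious data, not real lookups).
PRIVATE_RECORD = """\
Domain Name: EXAMPLE.COM
Registrant Name: Registration Private
Registrant Street: REDACTED FOR PRIVACY
Registrant Phone: REDACTED FOR PRIVACY
Registrant Email: privacy-contact@registrar.example
"""
EXPOSED_RECORD = """\
Domain Name: EXAMPLE.ORG
Registrant Name: Jane Doe
Registrant Street: 12 Sample Lane
Registrant Phone: +1.5555550100
Registrant Email: jane.doe@example.org
"""

if __name__ == "__main__":
    for label, rec in (("private", PRIVATE_RECORD), ("exposed", EXPOSED_RECORD)):
        print(label, exposed_fields(rec) or "no personal fields exposed")
```

Any field the function returns for your own domain is a reason to turn on the registrar's privacy option mentioned above.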
Another way doxxers can get your sensitive personal information – including your address, social security number, credit card number, and bank account information – is by social engineering, and more specifically, phishing.
Phishing can happen in many ways, but the most common is when someone sends a “spoof” email or text from what looks like a legitimate business (such as Amazon, Microsoft, or Revolut).
By clicking on a link within the scam email or text and then entering your personal information, you are handing it over to doxers.
In some cases, doxers may also trick you into clicking a link that leads to malware that can then steal your credentials to your email account, etc. For this reason, it’s a good idea to use a password manager and multi-factor authentication.
The fear that someone might leak your IP address and then use that to dox you is a common one, especially in the gamer community. However, unless the doxer manages to successfully socially engineer your internet service provider (ISP) into giving up your personal information, they are unlikely to be able to do much harm to you.
The reason is that your IP address reveals only your general vicinity. It also changes all the time.
That being said, if you’re still worried, you can always use a virtual private network or VPN (something that you should be doing anyway if you’re ever connecting to public Wi-Fi).
Reduce Your Risk of Doxxing
Doxxing and the potential effects that come from getting doxxed – including swatting and death threats – can be terrifying, but fortunately, once you know how it works, you can take steps to reduce your risk.
Laura Martisiute is DeleteMe’s content marketing specialist. Her job is to help DeleteMe communicate vital privacy information to the people that need it.