What is Doxing? Can I do anything to prevent it?


Depending on the source, the term doxing (doxxing) either comes from an abbreviation of the word documents, or docs, that has been turned into a verb; or it’s derived from the term “document tracing”; or it comes from the slang “dropping dox.”

What does the term doxing mean?

Doxing is hacking, gathering, and publishing information about someone that was previously private and sometimes hard to obtain. When sensitive private documents are exposed publicly, it can damage the reputation of any person or business.

What do hackers look for when doxing?

Hackers look for full names, email addresses, phone numbers, addresses, photos, social security numbers, account numbers, etc. Doxing carries a negative connotation, as it's typically used as a means of coercion, revenge, or stalking. 

What are some common doxing techniques?

With so many people placing their personal information online, hackers have more opportunities than ever to access personal information. There are a number of techniques that are used to achieve this.

  • Email hacking is perhaps the most common method for getting a hold of someone's private information. Once an email address is obtained, a hacker can attempt to get into the owner's email account where they can access more sensitive information.
  • Google indexing paves the way for finding information. When Google indexes a web page, it's storing a copy of all the information on that page so that searches are fast, easy, and thorough. In many cases, all that's necessary after that is for someone to use the relevant search words and phrases, and voilà, they have the details they're looking for!
  • Social networking sites are a veritable treasure trove of information. Facebook, Twitter, LinkedIn, Tumblr, Pinterest, Instagram, and others have personal details on hundreds of millions of people. They unwittingly put their private lives up for grabs when they provide every detail in their social media profiles, especially if they've not educated themselves about privacy settings. When that info is accessed, it's a hacker holiday. 
  • Reverse phone lookup is another way hackers get details. A Google search of a phone number will often lead to a list of investigative services, such as PeopleFinders.com, Intelius.com, WhitePages.com and others, that scrape the Internet for personal information. For a few dollars, a hacker can have access to current and previous addresses, possible relatives, email addresses, phone numbers, age, etc. 
  • Website domain information is another source. A Whois search can be used to find out who owns a particular domain name, when the domain was registered, and when it expires, as well as the administrator, billing, and IT contacts for that domain. The results of this kind of search will return nearly all the info supplied when the domain was registered, such as names, addresses, email, phone numbers, etc.
  • Social engineering, a much more hands-on approach, is perhaps the most insidious and devious method for getting a person's or company's sensitive information. It involves a hacker contacting someone, usually through social networking sites, with the express purpose of extracting sensitive information from them.

How to protect yourself from doxing

Steps can be taken to protect oneself from exploitation by hackers and predators online. The time you spend setting up these precautions is worth the peace of mind they'll bring.

1. Be sure to configure privacy settings to hide private information from search engines and prying eyes, such as personal details and photos. If a site does not offer this protection, you may want to consider not sharing information on that site.

2. Use different email accounts for different activities. For example, use one email for gaming, a different email for banking, and a third for forums, etc. This way, the risk of your sensitive information being pillaged is reduced.

One person at Reputation X has a novel way of thwarting attackers: he uses a different email address for every site he enters it on, using a "catch-all" address, so he can tell that his information has been sold to a third party when he starts getting Cialis ads at the United Airlines-specific email address (for example).

3. Don't upload your web albums to social media sites or blogs. If you must, make sure your privacy settings are configured to keep your pictures hidden from search engines so only friends can see them.

4. Try to remove as much information as you can from sites like Intelius and others. For Intelius you can go to their removal form and request removal. Some states, like California, allow people more control over their personal information due to laws such as the California Consumer Privacy Act of 2018.

5. Be thoughtful about what you're putting on the Web. The more selective you are with what you share about yourself, the less likely you are to find yourself in a compromised position at the hands of unsavory characters. In the end, some information just shouldn't be anywhere on the Internet, nor does it need to be.   

6. Keep your important documents secure. Use a different password for every important account. This can keep hackers from guessing one password and then getting access to everything you own using the same password. It's hard to keep track of lots of passwords, so password-storage software like 1Password and others can help keep it organized. But even that isn't totally secure because you still need a password to get into your password vault, and if someone guesses that... well, you might be in trouble.

7. Change your passwords often. Chances are you will have a handful of sensitive sites that are more interesting to hackers than others. These passwords should be changed often, about every 60-90 days. But less sensitive passwords can be changed less often. 
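The per-site address trick described under step 2 can be automated. The sketch below is an added example, not code from Reputation X: it issues one hard-to-guess alias per site on a catch-all domain and classifies incoming mail by whether the sender matches the site that alias was given to. The domain `mail.example`, the key, the site names and the sample headers are all constructed assumptions.

```python
import hashlib
import hmac
from email.utils import parseaddr

# Assumptions (not from the article): a catch-all domain you control and a
# private key that keeps aliases from being guessed from the site name alone.
CATCH_ALL_DOMAIN = "mail.example"
ALIAS_KEY = b"constructed-demo-key"


def alias_for(site: str) -> str:
    """Return the unique address to hand to `site` (e.g. 'airline.example')."""
    site = site.lower().strip()
    tag = hmac.new(ALIAS_KEY, site.encode(), hashlib.sha256).hexdigest()[:6]
    return f"{site.split('.')[0]}-{tag}@{CATCH_ALL_DOMAIN}"


def registrable(domain: str) -> str:
    # Simplification: last two labels. A production check would consult the
    # Public Suffix List so that names like example.co.uk are handled.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def check_message(to_header: str, from_header: str, issued: dict) -> str:
    """Classify one message. `issued` maps alias -> site it was given to."""
    rcpt = parseaddr(to_header)[1].lower()
    sender_domain = parseaddr(from_header)[1].lower().rpartition("@")[2]
    site = issued.get(rcpt)
    if site is None:
        return "unknown-alias"       # never handed out: guessed or random spam
    if registrable(sender_domain) == registrable(site):
        return "expected"
    # A signal, not proof: From is spoofable and sites use outside mailers.
    return f"leaked-by:{site}"


def demo() -> list:
    issued = {alias_for(s): s for s in ("airline.example", "forum.example")}
    airline = alias_for("airline.example")
    inbox = [  # constructed sample headers
        (f"Me <{airline}>", "Airline <news@email.airline.example>"),
        (f"Me <{airline}>", "Deals <promo@pills.example>"),
        (f"random@{CATCH_ALL_DOMAIN}", "x@spam.example"),
    ]
    return [check_message(to, frm, issued) for to, frm in inbox]


if __name__ == "__main__":
    print(demo())
```

When an alias shows up as leaked, retire it at the mail server and issue that site a fresh one; the other aliases are unaffected.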

Are professional hackers after you?

If you're a politician, journalist, person of high net worth (yay you!), or other high-priority target for hackers, you might want to take extra steps like using the Tor Browser (it's encrypted and data is bounced all over the world for extra security), or signing up for Google Advanced Protection. It completely locks down your information, but there is a price to pay in that it might be more challenging for you to access your data as well. But if you're working in certain industries it might be just the thing to help you sleep at night.

Happy scrubbing!
