top of page

What is Doxing?

  • mknsec
  • Jun 5, 2022
  • 4 min read


ree

What is Doxing?

Doxing is about getting information about someone ! Simply it deals with the profiling of your target . Whatever information you get by researching your target comes under Doxing . Doxing defines a Step by step approach through which you profile your target . Here are some of the techniques by which you can dox your target :

  • IP Address [80% effective, in my opinion it's the best way to dox]

  • Email [Not very effective,Useful in getting the victim’s social account]

  • Home/Street Address [Shitty,Almost won’t work with you]

  • Phone number [You may not get anything from that,Bad way]

  • Name [There is 7 billion people in earth,The chances are extremely low to make a site/tool or whatever to determine the person you are looking for]

How does doxing work?

We live in an age of big data; there is a vast ocean of personal information on the internet, and people often have less control over it than they believe. This means that anyone with the time, motivation, and interest to do so can turn that data into a weapon.

Some of the methods used to dox people include:

Tracking usernames

Many people use the same username across a wide variety of services. This allows potential doxers to build up a picture of the target's interests and how they spend their time on the internet.

Running a WHOIS search on a domain name

Anyone who owns a domain name has their information stored in a registry that is often publicly available via a WHOIS search. Suppose the person who bought the domain name did not obscure their private information at the purchase time. In that case, personally identifying information (such as their name, address, phone number, business, and email address) is available online for anyone to find.

Phishing

If the person uses an insecure email account or falls victim to a phishing scam, the hacker can uncover sensitive emails and post them online.

Stalking social media

If your social media accounts are public, anyone can find out information about you by cyberstalking you. They can find out your location, workplace, friends, photos, likes and dislikes, places you have visited, the names of your family members, the names of your pets, and so on. Using this information, a doxer may even work out the answers to your security questions — which would help them break into other online accounts.

Sifting through government records

While most personal records are not available online, there is a fair amount of information that can be gleaned on government websites. Examples include databases of business licenses, county records, marriage licenses, DMV records, and voter registration logs – all contain personal information.

Tracking IP addresses

Doxers can use various methods to discover your IP address, which is linked to your physical location. Once they know it, they can then use social engineering tricks on your internet service provider (ISP) to discover more information about you. For example, they can file complaints about the owner of the IP address or attempt to hack into the network.

Reverse mobile phone lookup

Once hackers know your mobile phone number, they can find out more about you. For example, reverse phone lookup services like Whitepages let you type in a mobile phone number — or any telephone number — to find out the identity of the person who owns the number. Sites such as Whitepages charge fees to provide information beyond the city and state associated with a mobile phone number. Though, those willing to pay can discover additional personal information about you from your mobile phone number.

Packet sniffing

The term packet sniffing is sometimes used in relation to doxing. This refers to doxers intercepting your internet data, looking for everything from your passwords, credit card numbers, and bank account information to old email messages. Doxers do this by connecting to an online network, cracking its security measures, and then capturing the data flowing into and out of the network. One way to protect yourself from packet sniffing is by using a VPN.

Data Brokers As the name suggests, data brokers collect information and then sell it to others for a profit. A data broker will gather information about potential targets by going to several websites that house public records. This may include loyalty card websites, which keep track of your online habits or your search history, to obtain the data they need about you.

What Information Are Doxers Looking For?

Anything that can help them expose the identity of someone who is remain anonymous. In a doxing attack, then, hackers might publish someone's:

  • Real name

  • Telephone number

  • Social Security number

  • Home address

  • Credit card number

  • Bank account number

  • Personal photographs

  • Social media profiles

Is Doxing illegal?


In many cases, doxing is not illegal, particularly because the information that is being exposed is publicly available online. This means that, at some point, the target granted an entity the right to publish it. However, the way the information is used may make the overall act illegal, particularly if it involves stalking, threatening, or harassing the target.


How To Protect Yourself from Doxing

  • Use a VPN

  • Protecting your IP address by using a VPN

  • Practice good cybersecurity

  • Use strong passwords

  • Use separate usernames for different platforms

  • Create separate email accounts for separate purposes

  • Review and maximize your privacy settings on social media

  • Use multi-factor authentication

  • Get rid of obsolete profiles

  • Be alert for phishing emails

  • Hide domain registration information from WHOIS

  • Scrub your data

  • Ask Google to remove information

  • Be wary of online quizzes and app permissions

  • Avoid disclosing certain types of information


How do I recover If I've been doxed?

There are some steps you can take to limit the damage.

Report it: Report the attack to the platforms on which your personal information has been posted.

Involve law enforcement: If a doxer makes personal threats against you, contact your local police department.

Document what's happened: Take screenshots or download pages on which your information has been posted. This can help law enforcement or other agencies that might investigate the doxing.

Protect your financial accounts: If doxers have published your bank account or credit card numbers, report this immediately to your financial institutions. Your credit card provider will likely cancel your card and send you a new one. You will also need to change the passwords for your online bank and credit card accounts.

Increase your privacy settings: Configure the privacy settings on your social media profiles to the most private options to help keep snoops and doxers away.


 
 
 

Kommentare

  • Instagram
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube

COPYRIGHT © 2022  |  SECURITY ERA  |  ALL RIGHTS RESERVED  

bottom of page