What Is Doxing And How Does It Work?

Lock down your social media accounts

Weakly secured social media accounts are easy targets for hackers and doxers. To avoid becoming a victim, be vigilant about protecting your socials. Limit what strangers can see by setting profiles to private and restricting friend requests.

Avoid posting sensitive details such as your home address, phone number, work address, and children’s details.

Know that even if you use a pseudonym, doxers can crack your identity by cross-checking one social media account with another, especially if you use it to interact with friends and associates.

Hide Domain Registration Information (WHOIS Privacy)

If you own a domain name, use WHOIS privacy protection to conceal your domain registration information.

This prevents attackers from seeing details tied to your domain, often including your name, email address, phone number, and physical address.

Guard Against Phishing

Bad actors are launching phishing attacks every minute of every day. These operations are typically automated and distributed widely at scale. According to CISA estimates, more than 90% of successful cyberattacks start with a phishing email.

To protect yourself against seemingly legitimate messages and pages crafted to deceive you:

• Always double-check the sender’s email address.
• If it’s a link you don’t recognize, think carefully before you click.
• Trust your instincts, and delete unusual requests from unknown sources.
• Never share login details via email.
• Hover over links before clicking. This allows you to check for red flags such as misspelled domains (e.g., “paypa1.com” instead of “paypal.com“).
• Educate your family and team members about the dangers of phishing and how to identify these malicious approaches.

Create Separate Email Accounts

Regarding email security, a good practice is to use different accounts for different purposes. For example:

• Your personal account (not publicly listed) – reserved for private communications with friends, family, and trusted contacts.
• A dedicated “spam” account – used for online sign-up to apps, accounts, services, and promotions (it may appear publicly in some situations, but try to limit exposure).
• Your work email – publicly listed or available within your professional network for business communications.

This compartmentalization reduces the danger of a single compromise exposing all your accounts and activities.

Employ Strong Privacy And Security Protocols

Be vigilant about your privacy and password security:

• Enable two-factor authentication (2FA) on all important accounts. 2FA adds an extra security step by requiring your password plus a second factor, e.g., a one-time code or biometric data. Multi-factor authentication adds another security layer.
• Use strong, unique passwords (a combination of uppercase and lowercase letters, plus numbers and symbols).
• Avoid using the same password for multiple accounts.
• Change passwords periodically.
• Review your privacy settings regularly to limit unnecessary data exposure.
• Invest in antivirus and malware detection software, and keep this protection up-to-date.

Manage App Permissions Carefully

When taking an online quiz or signing up for a third-party app, you may be prompted to allow it access to your social media accounts. This can be a serious privacy risk. In the infamous Cambridge Analytica scandal, a quiz app was used to harvest not only user data but also their friends’ private details.

The risks of a maliciously created app are obvious. Even if the app is legitimate, its security may be weak, allowing doxers to steal your information.

This compartmentalization reduces the danger of a single compromise exposing all your accounts and activities.

Use A Virtual Private Network (VPN)

A secure VPN helps defend you against doxing by masking your unique IP address. We’ve mentioned that your IP is a key piece of information doxers use to hone in on your real-world location.

By routing your internet traffic through a remote server, a VPN hides your true IP address behind the server’s. This makes it much harder for anyone to trace your online activity back to your personal identity and location.

Research to make sure you use a reliable VPN provider with a strong privacy policy. Untrustworthy services have been known to expose users’ data.

Limit Your Use Of Public Wi-Fi

Be cautious when using public Wi-Fi, as these networks are often unsecured. Because the traffic is typically unencrypted, bad actors harvest personal information, including passwords and login details.

To reduce your risk of doxing, always use a virtual private network to encrypt your connection when on public Wi-Fi. If you don’t have a VPN, turn off public network sharing functionality and other sharing features on your device before connecting.

Remove Yourself From Data Broker Sites

There are an estimated 4,000 data brokering companies worldwide. This $200 billion industry, largely invisible to most people, collects and sells your personal information (shopping habits, search history, location data, and more) to advertisers and businesses.

The industry is only lightly regulated, meaning your data may easily fall into the wrong hands, potentially leading to doxing.

It’s technically possible to remove your data from brokers. However, given the volumes involved, it’s a difficult, time-consuming project.

Services like Incogni, DeleteMe, and OneRep will handle the process systematically on your behalf. You sign up, authorize them to act for you, and they send legal requests to remove your data under privacy laws.

Don’t Overshare In Online Communities

Be careful about how much information you share in online communities. Even casual mentions of your city, workplace, or habits can be pieced together and used to target you.

A good rule of thumb is to assume that everything you say in communities like Discord, Reddit, Slack, gaming forums, and Facebook Groups could potentially become public. Protect your privacy by limiting identifying details in these spaces.