What is Doxxing? [A Detailed Guide]

Have you come across a random web post revealing a celebrity’s phone number or address? 

That's doxxing—and it does not just happen to celebrities. With over 5.16 billion internet users worldwide, everyone is at risk.

Doxxing is one of the most common types of online harassment. In 2022, over 43 million Americans have experienced doxxing at least once.

Keep reading to learn more about doxxing, what to do if you’ve been doxxed, and how to protect yourself from it.

Understanding What Doxxing Is

Doxxing started in the 1990s as a revenge tactic by hackers. Their goal was to break the anonymity of the target for harassment or other purposes. 

Nowadays, doxxing is typical in culture wars when attacking an opposing point. Most victims are famous people or celebrities. However, commoners can also suffer from doxxing attacks.

To better grasp what doxxing is, find out more about how doxxing works in the next section. 

The Doxxing Process

Doxxing starts with the collection of data. The attacker gathers small amounts of data about people scattered on the Internet. 

These data can be:

After that, the doxxer assembles the pieces of information to reveal the person behind them to the Internet. 

Now that most people use the web for almost everything, personal information is also accessible online. This makes it easy for doxxers to collect any information about their target.

Continue reading to know what methods doxxers use to gather your information. 

Common Doxxing Methods

Most people think they remain private while browsing, but that's not true. 

The Internet was never meant to put users’ privacy first. It shows you what you need to see, buy, or know—based on your digital footprint. 

This means anyone can dox anyone as long as they track or gather enough personal data on the web. Doxxers do that with the following methods:

Username Tracking

The username is one of the typical methods of doxxing since most people tend to use the same username across different platforms. 

With the same username, doxxers can understand the target's interest on the web and track their online activity.

Domain Name Tracking

If the target owns a domain name, gathering data through a WHOIS search on the domain is simple.

Since the target registers the domain, any doxxer who knows his way around domains can do a WHOIS search.

In most cases, domain owners don't change or hide their personal information when purchasing—making their data accessible to the attacker.

Phishing Scams

Over 300,000 phishing incidents were reported in 2021. A target who does not use a secure email account can fall victim to this method. 

With this scam, the doxxer goes through the email addresses of victims. They reveal and post sensitive emails online.

Social Media Stalking

Around 60% of the world's population uses social media. Anyone can stalk and gather sensitive data if their social media accounts are public.

Other than your name, doxxers can use your photos to locate your accounts. They can also use your phone number or email address.

These attackers can identify your job, hobbies, address, and more by simply going through your photos, captions, and profiles. 

Government Record Gathering

Almost 50% of American adults think that the government tracks their web activities. This is alarming, considering that your government records end up online sometimes. 

For instance, doxxers can get ahold of anyone’s business and marriage licenses. 

They can also see your DMV, country records, or voter registration.

While all these records may not mean much, they contain at least one or more pieces of personal data.

IP Address Tracking

An IP address is one of the most sensitive personal data since it links to a user’s physical location. 

If a doxxer knows their way around IP address tracking, they can locate you and uncover more data.

Mobile Phone Searching

There are many effective phone lookup services on the web. They can help you effortlessly find someone with a phone number. 

However, a phone number is another personal data attackers can use to dox. They use the effectiveness of reverse phone lookup tools against their victims. 

By simply entering your phone number, the tool will show doxxers whose number it is. Doxxers can see your name, track your location, and more. 

Packet Sniffing

According to statistics, one hack incident happens every 39 seconds. Packet sniffing is one of them. 

Packet sniffing happens when doxxers connect to an online network and crack the security. Once they're in, they capture any data flowing in. 

Doxxers can intercept everything that you send and receive online. This allows them to access passwords, cards, accounts, and even old messages.

Is Doxxing Illegal? 

No, doxxing in itself is not illegal. It is “legal” if the exposed data is accessible in public and the doxxer acquires it through a legal process.

Nonetheless, the act may violate some laws against stalking, threats, or harassment. Check out what those laws are below. 

US Laws on Doxxing

The US has two federal laws that can make doxxing illegal. These are:

Interstate Communications Statute

The 18 US Code Chapter 14 law has been in effect since 1934. This law states that it is a federal crime to use any means to ask for unlawful sexual activity.

It also includes any demand, ransom, or reward for releasing any kidnapped person. 

Doxxing falls under this law if the doxxer aims to blackmail or exploit any sensitive data for a prize. 

Interstate Stalking Statute

Established and legitimized in 1996, the Interstate Anti-Stalking Punishment and Prevention Act addresses stalking and harassment. 

These two acts are typical situations that happen once a victim is doxxed. 

Other than these two laws, the state of California also addresses doxxing with a regulation of its own. 

Penal Code § 653.2 PC

California considers doxxing illegal according to Penal Code Section 653.2. Under this law, doxxing can be a crime if it causes any form of online harassment.

Doxxing Regulations In Other Countries

Since doxxing is a recent tactic, there is a demand for more specific laws against it. Apart from the US, Australia and Hong Kong passed anti-doxxing laws.

For instance, Australia has the Commonwealth Criminal Code. Its Section 474.17 is against doxxing being used as a carriage service to menace, harass, or offend. Anyone convicted of this law can face two to three years in prison.

In 2021, Hong Kong passed a law against doxxing, considering it a criminal offense. Anyone guilty of this crime can face five years of imprisonment and a fine of 1 million HKD.

Popular Doxxing Cases Worldwide

Doxxing is a cybercrime that happens everywhere. Some cases became famous because of the victim, the doxxer, or the attack itself. 

Here are some doxxing cases that occurred around the world:

Celebrity and Politician Doxxing in 2013

Twelve high-profile politicians and celebrities became victims of a doxxing attack in 2013. Some victims were Beyonce, Ashton Kutcher, Hillary Clinton, and Joe Biden.

This doxxing attack came from Russian hackers, who published the victims’ financial information. Victims say their credit cards, SSNs, loans, and more were exposed. 

Faulty Doxxing in 2013

One of the darkest doxxing attacks ever recorded in history was Sunil Tripathi’s case. 

In 2013, some vigilantes on Reddit doxxed the Brown University student Sunil Tripathi. He was already reported missing for weeks prior to the Boston Marathon bombing. 

On April 18, the FBI released photos of the suspects in the bombing incident. A Redditor suddenly brought up Tripathi’s resemblance to the released images. 

This allegation blew up, and news outlets began covering the story. Tripathi’s loved ones took it to social media and expressed he was not responsible for the incident.  

The actual suspects were caught. However, days later, someone found Tripathi’s body in the water in Rhode Island. 

While the authorities said it was suicide, doxxing played a significant role. The public shaming Tripathi experienced was all caused by false accusations. 

Revenge Doxxing in 2015

Former Major League Baseball player, Curt Schilling, doxxed a group of people in 2015. This doxxing attack was considered revenge after they posted harsh things on Twitter about his daughter.

On February 25, 2015, Schilling posted a tweet congratulating his daughter as she was going to play softball for Salve Regina University.

Some people went overboard and gave vulgar remarks, which triggered Schilling to initiate a dox attack. 

Schilling investigated the real faces and posted their real identities online. One of the bullies got fired, and another got suspended from school. 

The rest of the bullies got scared and posted apology messages.

Effects of Doxxing

The severity of doxxing attacks varies. Some can be petty, like signing up for mailing lists or charging for delivery. 

However, there are dangerous doxxing attacks. Some involve harassment, swatting, identity theft, and other forms of cyberattack.

Doxxing can cause its victims to suffer emotional and physical damage. Here are some of the common effects of doxxing: 

• Online and offline harassment

Harassment is a typical effect of doxxing. In general, 90% of reported dox victims say they were harassed.

Doxxers expose sensitive data about their victims. If the data contains any record of wrongdoing, the attack can lead to harassment—online and offline.

• Public shaming

When doxxing exposes any shameful information about the victim, it can lead to public shaming. 

For instance, the doxxing case of Ashley Madison affected millions of users. The hackers asked for demands, but the dating site did not comply. 

As a result, the group released sensitive user data. It doxxed 37 million users, causing humiliation, embarrassment, and reputational damage.

• Loss of job

Doxxing, which involves exposing sensitive data like a criminal case, can lead to job loss. Even if the record is not grave, it still affects the victim's career and job opportunities.

• Identity theft

Doxxers expose all sorts of personal details. Any user who will see the dox post (or even the doxxer himself) with your information can use the leaked data to commit identity theft. 

They can use your personal information to scam others, take loans, claim insurance, and more. 

What to Do if You've Been Doxxed? 

Being a victim of doxxing can make anyone panic. That’s a natural reaction, considering how scary seeing your personal information plastered on the web would be. 

However, the goal of doxing attacks is to violate your security, deliberately causing you to panic or freak out. If you ever get into this situation, here's what you must do:

1. Report the incident to the platform.

The first thing to do is reach out to the platform where the attacker posted your information. See the terms of service or any guidelines on this matter.

If you reach out to the platform, request that they delete the post. They can also restrict the attacker from doing more. 

2. Contact law enforcement.

It's best to involve and contact your local law enforcement if there are personal threats. They will focus on any information directed at you, your address, or other sensitive data.

3. Record the doxxing.

If threats are sent to you, keep evidence like screenshots and records for the report. 

Since it's online, include the date, timestamp, and URL in your screenshots or recordings. Those will serve as evidence for the authorities.

4. Contact your bank.

Contact your bank immediately if the attack involves bank details, like card numbers. 

The bank can block any transaction related to your card or account. Banks can also help you set up new passwords for your accounts and cards.

5. Lock all your accounts.

You'll also need to secure all your accounts if a dox attack happens. This will limit the doxxer's access to your account and information.

Protecting Yourself from Doxxing

Anyone who browses, posts, or has an account online can get doxxed. 

With this in mind, below are some steps to protect yourself from doxxing:

• Protect your IP address.

Since an IP address is sensitive data, always protect it. You can mask your IP address using a VPN or proxy IP. 

These anonymity tools hide your real IP by letting you browse with another. 

VPNs and proxies also come with other benefits, but their main goal is to keep you incognito and secure your browsing.

• Have good cybersecurity.

Cybersecurity statistics say that online criminals have compromised the personal data of around 50% of Americans.

Having good cybersecurity lets you prevent doxxers from stealing personal information. This involves using an anti-virus. These tools can detect up to 350,000 viruses daily. 

You can also install tools that protect you from various kinds of malware. It's also best to keep software updated for better security.

• Create a strong password.

Doxxers can hack all your accounts if you use the same password for all of them. For this reason, create a unique and strong password for each online account. 

Combine numbers, symbols, and letters. Regularly changing passwords is also a good practice to avoid hacking or doxxing. 

• Use several usernames.

Using only one username across all platforms can make you vulnerable to doxxing. With different usernames, your identity will be more difficult to uncover. 

It will also give doxxers a hard time tracking your online activity and movement.

• Use different email accounts.

It can be easy for doxxers to search for an email address. Having one email account makes doxxing even easier. 

The best thing to do is to create several online accounts for various purposes. 

For example, you can have three email accounts—one for professional, one for personal, and one for spam. Here’s how you should use each one:

1. Use your personal email for your relatives and close friends' correspondence. 
2. Your professional email should be for work only. Any documents, meetings, and work-related emails are routed to this email.
3. Your spam email should be for account signups, services, and mailing subscriptions. 

• Stay private on social media.

Manage and review your social media posts and profiles. Ensure you put out only minimal information about your life in public.

You should also only share your details with people you know. Avoid turning your profile public and accepting requests from unknown people.

• Set up multi-factor authentication.

Multi-factor authentication lets you access your account with two or more ID types. It can be your password or a code from your phone. 

Hackers will need tools and more help to access your device and account with MFA.

• Get rid of your old accounts.

Check the web for all your accounts and delete the ones you don't use anymore. 

If you have decades-old accounts, the information on them remains accessible. That is why it is best to delete or deactivate them.

• Remove data from brokers.

Data brokers can have sensitive information about you, but you can remove it on your own or through some services. This process can take time, but it can also be expensive when you pay for a service.

If you need help figuring out where to start, head to the Oracle Netsuite or Epsilon databases. 

• Avoid online quizzes that ask for permission.

An online quiz or app asking for permission can be a source of anyone’s sensitive data.

Also, mobile apps usually ask for permission. Be cautious if the app wants to access your contacts, location, and social media.

Conclusion

Doxxing is a severe issue, and it became so because of how easily data can be accessed online. 

There are few laws against it, making it trickier to face. Also, the physical and emotional damage it can do to victims is off the charts.

The best way to solve or prevent it is to secure our personal information. You can also avoid doxxing by not joining any arguments with others online.