Lesson 5. Ways you can be doxed?

How can you be doxed? In this lesson, we reveal scenarios of how doxers may attack victims.

If you have ever registered on a social network, left a comment under some video or posted on an online forum, your information is publicly available. Just google yourself and see the search results. But this is just the most basic information about you that can be found on the Internet. A person with sufficient motivation and time can find much more. In addition, a significant amount of information is available in public databases, as well as government and commercial records, from which data can leak.

A doxer aims to gather your personal information to use it for some malicious purpose, most often leaking it.

So, how do doxers do that? Where do they get all the information about you? There are several ways to dox people. Let’s look at the most widespread ones:

1. Social media stalking
   Social media stalking is one of the most widespread ways of doxing. Anyone who has a public account in social media has to be aware of the risks of being cyberstalked. A doxer can find out your location, workplace, friends, photos, likes and dislikes, places you have visited, the names of your family members, the names of your pets, and so on. Using this information, a doxer may even work out the answers to your security questions — which would help them break into other online accounts.
2. Tracking usernames
   Many people use the same username across a wide variety of services. This increases the risk of being doxed - potential doxers can build up a picture of your interests, define how you spend your time on the internet and also find information that can help track your real location.
3. Running a WHOIS search on a domain name
   Anyone who owns a domain name has their information published in a special registry that is often available via a WHOIS search. If you bought a domain name and did not hide your personal information at the time of purchase, personal information (for example, your name, address, phone number, business and email address) is available to everyone on the Internet.
4. Phishing
   If you have an insecure email account or fall victim to a phishing scam, the doxer can get their hands not just on your email, but also on other accounts where you use the same password.
5. Sifting through government records
   Even though most personal records are not available online, there is a fair amount of information that still can be found on government websites. Examples include databases of business licenses, tax records, marriage licenses, and voter registration logs – all contain personal information.
6. Tracking IP addresses
   IP address is tied to user’s physical location on the map. Once a doxer finds it, one can use social engineering tricks on your internet service provider (ISP) to discover more information about you. For example, they can file complaints about the owner of the IP address or attempt to hack into the network.
7. Using data brokers
   Data brokers gather their info from publicly available resources and from other data brokers to sell that information for profit. Many data brokers sell their information to advertisers, but several people-search sites offer comprehensive records about individuals for relatively small amounts of money. All a doxer has to do is to pay a small fee to obtain enough information to dox someone.

8. Identifying your location from posted photos
   A photo file often contains metadata, including info where this photo was taken.

These are just a few of the most popular ways to gather information about someone, but there are so much more – and some that you would not even be able to imagine.

A bright example is a case of an unfortunate cyclist. One day he unexpectedly began receiving abusive messages and threats from strangers. As it turned out, the sports tracking application he was using published his bike routes in the public domain, and someone found out that the cyclist recently drove near the place where someone attacked a child.

And here it started: due to a similar outfit and coincidental presence at the spot of attack, he was “identified” as a suspect by some internet users who found and published his address. As a result, the police had to protect the innocent cyclist while searching for the real attacker.

Still, not to worry, many cases of doxing like this can be prevented. In the next lesson, you will learn what you can do not to become a victim of doxing.