We have all heard the term doxing before, but what does it really mean? Why is it important to me?
Doxing refers to the internet-based practice of gathering an individual’s personally identifiable information (PII), or an organization’s sensitive information, from open source or compromised material and publishing it online for malicious purposes.
Although doxing can be carried out by anyone with the ability to query and combine publicly available information, it is often attributed to nefarious actors, hacktivists, and extremists. Doxers compile sensitive information from compromises of personal and professional accounts and a wide range of publicly available data sources to craft invasive profiles of targets, which are then published online with the intent to harm, harass, or intimidate victims (CISA, 2021).
Organizations may be targets of doxing due to their stance on a particular issue, involvement in a certain industry, related organization policies, or grievances. Doxing attacks targeting senior leaders of an organization often serve as “reputation attacks” and could lead to activities seeking to embarrass, harass, or undermine confidence. Incidents of doxing that target individuals often serve to harass, intimidate, or inflict financial damages, and can potentially escalate to physical violence (CISA, 2021).
Most businesses compile databases that contain personal information, whether of suppliers, customers, or employees. Almost everyone, individuals and businesses alike, has a presence on social media. Any of these databases can be breached and personal information gathered for use in doxing.
As you can see, doxing can be, and is, dangerous. How do you better protect yourself from doxing?
- Limit what you share on social media.
- Maximize the privacy and security settings on social media sites.
- Remain vigilant of phishing attacks.
- Make sure that all operating system software (e.g., Windows) is updated.
- Delete any apps that you do not use. This reduces the ability of hackers to get in through a rarely used door.
If you become a victim of doxing, take these steps:
- Contact law enforcement, local first, then move up the chain to the FBI's Internet Crime Complaint Center (IC3).
- Determine what information was leaked and how it was compromised.
- Delete the information from the source of the leak.
- Monitor for signs of identity theft through financial institutions, unsolicited password changes, etc.
CISA. (2021, August). Mitigating the Impacts of Doxing on Critical Infrastructure. Retrieved from https://www.cisa.gov/publication/mitigating-impacts-doxing-critical-infrastructure