Doxxing, aka “dropping dox,” is the act of publishing someone’s private information to cause them harm, and it can have serious repercussions. In this article, we'll tell you more about what doxxing entails and how you can use online safety strategies to help prevent it from happening to you. Then, we’ll cover the benefits of using comprehensive security software like Norton 360 with LifeLock to help protect against identity theft and other serious effects of doxxing.
More than 43 million Americans have experienced doxxing in some capacity. Occurrences continue to rise and underscore how easily hackers can access people’s private information and inflict lasting harm.
When someone releases your personal details to the public in a doxxing attack, you may notice an influx of hateful messages, workplace harassment, and trespassing attempts. In fact, this is how many people discover they are getting doxxed. Even in less extreme circumstances, the sudden loss of online privacy can be a shocking and stressful experience—taking a toll on the tangible parts of life and your mental health.
What is doxxing?
Doxxing, short for "dropping dox," occurs when a cybercriminal unearths personal information about someone and publicizes it to expose their identity nonconsensually.
Generally, cybercriminals do this to:
Troll for attention or entertainment
Bully someone they dislike
According to data by SafeHome.org, the most common factors that fuel doxxing attacks are poorly-received public posts, perceived slights or a difference of opinions, or gaming disputes. Following a disagreement, the attacker usually makes it their goal to shame the target, incite violence, cause them to lose their job, or inflict other harm.
Is doxxing illegal?
Doxxing is technically illegal in the U.S. because, by nature, it requires the doxxer to stalk, intimidate, or harass the target—all of which are actions done with malicious intent. However, no federal law explicitly states that doxxing is illegal. Instead, the federal government has indirectly related legislation to prevent stalking and the Interstate Doxxing Prevention Act which makes it illegal to use mail or delivery services to publish identifying information about another person to harm them, their family, or their spouse.
Some states also have laws against doxxing. Although, most focus on preventing cyberbullying, harassment, and stalking rather than solely stopping doxxing. Some states with legislation that can be applied to doxxing include:
Many people incorrectly believe that drawing attention to public information is a form of doxxing; it is not. Anyone can publish information that is publicly available online or in public records. This includes:
Social Security number (SSN)
Home or work address
By accessing these records, anyone can learn your address, political party affiliation, or criminal history. Unfortunately, even if you’d rather keep these things a secret, doxxers are legally within their right to publish anything that is accessible to the general public, although it is unethical in many cases.
What are some common doxxing techniques, and how do they work?
While cybercriminals can easily leverage public records, they also have tricks to access private information, too.
Cyberstalking:Many social media users openly share details like birthdates, hometowns, relationship statuses, phone numbers, education, and more on their profiles, which doxxers can use against them.
Packet sniffing:A doxxer can intercept private information like account passwords and credit card numbers by connecting to the same network as you, cracking its security measures, and snagging the data flowing through it—that’s why you should use a Virtual Private Network (VPN) when connecting to public Wi-Fi, aka unsecured networks.
IP logging: A hacker uses code or an online application to uncover their target’s IP address and find the person’s physical address or information about their online behaviors.
Reverse cell phone lookup: Reverse phone lookup services and traditional phonebooks let doxxers find your name or number—this is legal but can be used to find more information about you that isn’t public.
Public records research: Armed with the right information, anyone can access your records and learn your full name, birthplace, parents' names, Social Security number, height, weight, spouse’s name, address, and more.
Data broker usage: Data brokers find information on your search history, social media, and transaction records and sell that for a profit; anyone who wants to dox can easily purchase this information with few barriers to access.
Phishing: By leveraging a fictitious business, persona, or scenario, phishers trick the target into clicking on malicious links that allow them to access their target’s device and the personal information stored on it.
As you can see, doxxers have several tools and tactics at their disposal to find private information. Read on for strategies you can use to stop them.
How to protect yourself from doxxing
There’s no sure-fire way to stop yourself from getting doxxed, but there are a few tactics you can use to make it less likely. Here are some tips to help you ward off attacks.
Be careful how much you share online: When signing up for social media accounts, don’t make personal details like your birthday, hometown, high school, or employer public. Also, never upload or publish your Social Security number, home address, driver’s license number, bank account number, or credit card number.
Don’t antagonize others: Be careful about what you say online—even if you hide your face and name behind a false identity, someone with enough time and skill will likely be able to find identifying information on your account. People are also more likely to seek out this information if you are unkind or antagonistic toward them.
Delete social media profiles that aren’t in use: Don’t allow doxxers to search through old posts that may have aged poorly or give them insight into your life—delete content that is no longer important to you and close old accounts.
Update privacy settings: Configure the privacy settings on your social media profiles to keep your accounts secure and hold doxxers at bay.
Use a virtual private network (VPN): A VPN can shield your address, private information, and browsing history from doxxers by masking your device’s internet connection.
Get creative with your usernames: A doxxer can track your username across the internet to find your posts on online forums, message boards, and social media platforms like Instagram, X (formerly known as Twitter), and Reddit. Unless it’s a part of your brand, consider using different usernames for each account.
Learn to identify phishing schemes: Doxxers might use phishing to trick you into sharing private information or downloading malware. To avoid phishing, be wary of businesses asking you to click a link to complete a task or navigate to another page.
Create strong passwords: Use strong, unique passwords on every site—especially on accounts you use to manage your finances and work communications.
Use a variety of email addresses: Compartmentalize different parts of your life using unique emails to make it difficult for attackers to access your private information and to limit damage in the event of a doxxing attack. For instance, you might want to create separate email accounts for commercial mail, social media, work, and school.
Finally, you can invest in security software like Norton 360 with LifeLock Select. Antivirus tools often come with a built-in VPN and a variety of other features that help stop hackers from accessing your device, protecting you from identity theft attempts. If you use the internet, you can benefit from supplementing your device’s security system with strong security software.
Doxxing is often followed by serious consequences. For example, your employer might discover past social media messages you’re ashamed to have written, your home address might appear online, leading to vandalism or theft, or someone might list your telephone number on message boards, leading to late-night prank calls.
To limit the fallout after a doxing attack, follow these steps:
Report it: You can report doxxing on the platform it occurred on, as this is typically a breach of the terms of service agreement. On platforms like Instagram, you can shake your device and immediately share details about the attack. Most other apps allow users to make a report directly on the post or in the privacy settings. Typically, the company can remove posts that infringe on community guidelines and ban the offender.
Document what's happened: Take screenshots or download information about the doxxing attack. This can help law enforcement or other agencies investigate the attack.
Involve law enforcement: Contact local authorities immediately to file a report if a doxxer threatens harm or commits a crime against you.
Protect your financial accounts: If you suspect an issue, alert your bank or credit card provider and ask them to replace your credit cards and enable fraud detection.
Keep yourself safe from the dangers of doxxing
Doxxing attack prevention starts with you. Keep your private information safe by limiting what you publish online and how much information you share with strangers. Additionally, you can use antivirus software like Norton 360 with LifeLock Select to help secure your communications behind a VPN, preventing information, data, and identity theft.
Learn more about the nuances of doxxing and how you can accurately identify an attack.
How did doxxing start?
In 2017, Wired pointed to a 1990s non-internet doxxing attack on a U.K. organization focused on improving race relations. In this case, a far-right group scrawled a government official’s phone number in public restrooms, leading to an onslaught of disruptive late-night calls.
Initially dubbed “dropping docs,” this concept soon found its way online and evolved into “dropping dox,” which is a common strategy for cyberbullying and harassment.
What is the difference between doxxing and swatting?
Doxxing entails publicly exposing someone’s private information without their consent to cause harm—generally exposing the target to unsolicited visits and attacks. Swatting is an illegal hoax related to doxxing, which entails making a false call to the police or emergency services in order to get them to send a large-scale armed response team to a victim’s house.
What is consensual doxxing?
In consensual doxxing, the person being doxxed agrees to let someone find and disclose their information for a specific purpose or scenario—often for training.
Consensual doxxing has also become a trend on TikTok, with users challenging pro sleuths and doxxers to uncover private details like their address or age using only the information they have posted online for entertainment.
How can I tell if I’ve been doxxed?
The most common way people realize they’ve been doxxed is when they start to notice the consequences. However, you can also find out if someone is leaking your private details by:
Searching your name online
Checking social media
Taking notice of calls and messages from people you don’t know
Luis Corrons is a Security Evangelist for Gen (Avast, AVG, Avira, Norton) & leads boards at AMTSO & MUTE. He is a prominent speaker at industry events.
Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.