Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
In Privacy Last updated: September 1, 2023
Share on:
Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

With the rapid increase in technology adoption, cyberbullying cases are also rising. Cyberbullying is using technology to threaten or embarrass someone, making the individual feel vulnerable or endangered.

Our personal information is readily available on the internet, making it easily accessible to bullies/attackers for unlawful acts. This article will look at one type of cyberbullying, doxxing, what it is, and how to protect yourself from being doxxed.

What is Doxxing?


Doxxing, derived from the word document or dox, is the act of gathering and exposing someone’s personal and private information with the sole aim of harassment or inflicting danger.

Doxxing involves the searching and revealing of users’ sensitive information such as their home address, phone number, financials, SSN, criminal records, and other sensitive information that will naturally not be disposed to the public domain due to sensitivity.

Anyone is liable to be doxxed. Prominent figures such as politicians, leaders, celebrants, etc., are among the majority of people who have been doxxed by individuals who hold a contrary belief or ideology and decided to carry out an act of revenge on them by exposing their information to the public, in such a way as to damage their reputation or get back at them.

How Doxxing Attacks Occurs


Our information is scattered across the internet, from the various sign-ups and forms we fill to our social media interaction, etc. Gathering and digging up information could be easier than you think. The doxxer aims to gather this information scattered all over to create an accurate profile of the target person. 

From a post of your last vacation, a hacker can use that information to search your travel information to know your departure country and other information about you.

Our activities on the internet could be seen as breadcrumbs that, when pieced together, expose your true identity. Let’s review how these dox attacks occur.

#1. Phishing 


Phishing is a form of social engineering where scammers/hackers manipulate or deceive people into sending information to the wrong person, leveraging human errors and emotions.

For example, when a user receives a mail posing to be from their financial service provider, stating an unusual activity was noticed on the account that needs urgent fixing to avoid service disruptions.

This type of mail contains external redirect URLs that link you to a fake portal that may sometimes be a clone of the actual portal. Making the user insert their credit card and other vital information without further verifying the authenticity of the issue. The doxxer can then use this information to dox the user.



One way a user’s information can be doxxed is when the user/organization has a registered domain name. All domain names are in a registry publicly made available by WHOIS search. In the incident where the information of the user that purchased the domain was not adequately secured, it make their data vulnerable to be dox.

#3. Packet sniffing

Another method through which doxxers could get information about their target is packet sniffing. Through the process of intercepting the victim’s internet traffic, looking for information such as passwords, credit card information, and home addresses, or getting away with important mail or documents, when the attacker is done, they disconnect themselves and reestablishs the user network. 

#4. Social presence stalking 

Watching screen IDs

Most individuals use the same username across multiple social platforms for easy identification, making it possible for attackers to establish a digital trail of their target and acquire knowledge based on the user’s social presence by stalking the target over multiple social platforms.

The various social platforms collect different information ranging from name, date of birth, residential address, vacation post, trips, and more. There is just a vast amount of information that, when put together, could uncover a target’s true identity and information.

#5. IP tracking

The IP addresses of a device can be used to track and pinpoint the physical location of that device. Doxxers could use social engineering to trick the user into visiting a URL or opening a message to which they have attached a secret code, making it possible for the attacker to access the user’s IP address.

#6. Reverse phone lookup

With your phone number, the attacker could carry out a reverse phone lookup with sites such as white pages. These sites provide users with details of an individual by just having access to their phone numbers.

With the amount of information tied to our personal phone numbers ranging from financial records, personal data, social security data, address, date of birth, and a lot more. Attackers could have access to this information using the process of reverse phone number lookup.

#7. Checking government records


Government record holds most of our personal information that could be used to expose anyone’s identity and real-time information.

Our birth certification, voter registration and weight, height, criminal records, home address, next of kin, the information available on these records is endless. Any attacker that can access the government record will most likely know its target’s true identity and have full information about the individual.

#8. Data brokers

Data brokers source public information of individuals and have them stored to be sold to any attacker to make a profit, not minding who is buying it or what it will be used for.

Although data brokers are not only used by scammers, they are also used by advertisers to get information about their target audience and to create campaigns that will be personalized to their target.

Nevertheless, this information could also be handed to scammers who could use it in a manner that endangers the individual being doxxed.

What Type of Information does Doxxer look For?


Doxxing has gradually become a tool for doxxers to target people or groups with opposing views by exposing their target personal information publicly, endangering them in any manner. Some of the information that doxxer look for includes:

  • Home address
  • Personal phone number
  • Email address
  • Social security numbers
  • Credit card information
  • Employment and education records
  • Passport records
  • Criminal records 
  • Embarrassing details.

With the world tilting towards going fully global and digital, anyone with access to the internet and determination to expose a target can easily piece information over the web and establish the true identity of a particular user.

Types of Doxxing


We have seen the various data that doxxers can gather and how they can leverage various methods to acquire user information. Doxxer will require multiple sources to gather their information when targeting an individual or business. Some of the most common types of doxxing are as follows:

#1. Identity doxxing

Identity doxxing involves the revealing of an individual’s identity or personal information such as full name, date of birth, gender, phone number, email address, and any details that could be used to identify the individual.

#2. Celebrity doxxing

Bloggers and journalists will always find the latest gossip or personal life discovery to serve their ever-anticipating audience, which cannot be considered doxxing. Celebrity doxxing happens when hackers push out celebrities’ sensitive/private information.

For example, Elon Musk the Owner and CTO of X (formerly Twitter), suspended the profile of some accounts that were always publishing the location of billionaires, government officials and others, including his own plane.

#3. Political doxxing

Doxxing has also been used in politics where a rival candidate’s private information is being exposed to threaten them to withdraw their political aspiration or used against people in leadership to threaten them to fulfill a deed or get their information leaked.

Doxxing, in this case, can be from the rival candidate or supporters of the candidate. For instance, Jackson Cosko, a House fellow of the Democratic party, allegedly posted the private information of some senators who were involved in the hearing of Supreme Court nominee Judge Brett Kavanaugh and was arrested on the 3rd of October, 2018.

#4. Swatting doxing

Involves using somebody’s information to report a crime, accusing the individual of a crime that will require the response of the police SWAT team.

An example of swatting doxing happened in December 2017 between gamer Casey Viner, Shane Gaskill, and Tyler Barriss, where the house address of an innocent man, Andrew Finch was given to the police stating that he had killed his father and held other house members hostage, which led to the sad incident where Finch was shot and killed.

Impacts of Doxxing

Social Media Anxiety

Just as every other crime that aims at placing others in the line of danger, doxxing has had its own share in destroying people’s reputations and has even led to the end of life, as in the incident involving Andrew Finch.

Privacy invasion

When an individual’s private information is exposed, it leads to privacy invasion, which could lead to mental and emotional stress on the victim, leaving them with anxiety, stress, and the feeling of being vulnerable.

Damage reputation

An Individual reputation could also be damaged when an individual has been wrongly accused of an act they never committed and possibly handed to the authorities. If the individual is later found not guilty, the damage has already been inflicted on the individual, which could lead to other consequences, such as the loss of a job.

Harassment and threat

Doxxers who want revenge on a person opposing their ideology will expose the individual details, such as home address and person phone number, to a group of people who share their ideology to send a threatening message and harassment at their home or work environment to the individual.

Impact on family and friends

The family and friends of target victims of dox attacks could also be affected by the exposure of the individual information. This could result in the exposure of their own personal information, making them also a target of harassment.

What to do if you are Doxxed

In the occurrence you are being doxxed, it is not the end of the world. Doxxing is still considered illegal when used to expose data that has not been publicly made available and is a breach of piracy policies. Here are actions to take when you believe someone is doxxing you.

  • Assess threat level: If you discover that your information has been exposed, it is very important to assess the threat level that information poses to you to ensure you guarantee your immediate safety. If there is a high probability of the information posing a serious threat to you, report it and involve authorities if required.
  • Report it: Seeing information you have not publicly made available being leaked by someone else should be immediately reported to the platform in which it was posted to avoid further information being leaked and ensure that the account perpetrating that act is sanctioned.
  • Involve authority: Any threat that could place you in harm’s way or position you in a manner that could be incrimination should be immediately reported to authorities to avoid jeopardizing your safety and ensuring that you are not framed for a crime you did not commit.
  • Document evidence: Documentation of evidence in this scenario is very important to serve as proof of the incident. Taking a screenshot of the information being used and the name and details of the account that published the record will help law enforcement and agencies track down the attacker.
  • Secure account: Doxxers could leverage an account with weak security mechanisms to access users’ information. It is important always to use strong passwords and 2FA authentication when possible to secure your account from being easily hacked. If you notice a breach or attempted breach to your social accounts, ensure you perform a security reset and review your security settings.

How to Prevent Doxxing

Protection Accessible Permission Verification Security Concept

Since staying offline in this present-day society is almost impossible because of how interconnected our world is, how can we successfully prevent or protect ourselves from being doxxed?  Although scammers are always devising new means to break into the system, applying some basic safety measures can help prevent your profile from being doxed. Here are some of the ways to achieve this:

Protect IP address using VPN


An IP address can be used to track a device to its physical location. VPN helps shield your device’s IP address from being exploited by scammers, providing you with a layer of security and allowing you to browse the internet anonymously, keeping your information private and ensuring you are not exposed to phishing, packet sniffing, or IP address theft. 

Unique password

Most platforms are authentication require a user to enter a username and password. It is probably a very bad idea to have passwords like 123456 or ABCD1234 because these passwords can easily be cracked. Today’s Platforms try to ensure that users use a specific pattern combination to ensure that passwords are hard to guess.

Using a combination of alphabet (upper and lower case), numbers, and special characters is a better combination to be used. Using a different password for every account also helps protect against a complete account breach in case your password gets exposed.

Avoid the same username

Using the same username on every platform may sound cool and give you a single online presence, right? The downside to this is that you have a single level of exposure. If a doxxer happens to get access to an account with your username, the probability they will be able to stalk you on all other platforms to get more information about you is high. Making the cool side of having a single username on the internet sounds scary.

Email address for specific use

Using a different email address for a specific application will give you a layer of security compared to using a single mail for all use cases. Having one mail for social platforms, another for financial applications, and so on. This will ensure that a leak in one of your mailing addresses will not make all your data vulnerable to doxxers. 

Privacy setting and maintaining privacy

Major platforms have included privacy settings specifically to help you regulate how your information is being made public. Ensuring you enable this setting to your personality is important, helping you regulate what information is given up.

Keeping private matters private is also essential to avoid exposure; knowing what is okay to post and what is not could help reduce the amount of information that could be used to have access to your private information.

Third-party authentication


Having the option to sign in with Google, Facebook, GitHub, etc, or other social login has become normal today. It is important to know that when you use this third-party authentication method to sign in to a platform, you are giving authorization to that platform to access your personal data.

Ensuring you know what this platform will request access to is important because if there is a breach in that platform, then your information is vulnerable to being exposed on the internet.

Doxxing yourself and clearing your data

Occasionally, Google your profile to know the search results. This will help you understand how much of your information is being exposed online. To give you a first-hand look at what a doxxer is liable to make hold up and help you clear up your profile.

Search also helps you know if a data broker has acquired your information. Data brokers could hold a lot of information from medical records, financials, criminal, and anything that they have access to. Knowing if your record has been added to any of these brokers helps you request that your information be deleted from their records. The data brokers are obligated to delete your information once you have made the request.

Multi-factor authentication

Multifactor authentication adds an extra layer of security to your login credentials, in the condition that your login details are being exposed the two-factor authentication, which could be the use of a unique key from an authentication app, a code sent via SMS or email, and so on will be required to grant the hijacker actual access into your account.

Wrapping up

While the overall security of the various platforms we use is not the responsibility of the users. Users need to enable some preventive means to safeguard their information online. Ensuring that only information you want public is uploaded to the internet is crucial to reducing the risk associated with cyberbullying. 

Doxxing is a severe crime and a violation of privacy; being mindful of the information you share that could be used to access you both online and offline helps mitigate some of the damages that could occur in the event of a dox attack. 

You may also explore Password Spraying Attack.

  • Aminu Abdullahi
    Aminu Abdullahi is an experienced B2B technology and finance writer and award-winning public speaker. He is the co-author of the e-book, The Ultimate Creativity Playbook, and has written for various publications, including Geekflare,… read more
  • Narendra Mohan Mittal

    Narendra Mohan Mittal is a versatile and experienced digital branding strategist and content editor with over 12 years of experience. He is a Gold Medalist in M-Tech and B-Tech in Computer Science & Engineering.

    Currently,… read more

Thanks to our Sponsors
More great readings on Privacy
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • is an all-in-one work OS to help you manage projects, tasks, work, sales, CRM, operations, workflows, and more.
    Try Monday
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder