The internet has made people across the world been so interconnected. The medium has made it possible for anyone with a device capable of connecting to the internet to instantly communicate and interact. This fact alone has spawned endless positive collaborations and advancements. However, it would be naive to ignore the negative consequences of this, too. Certain individuals use the internet for a range of malicious activities, including the collection, sale, or exploitation of personal data.

Anonymity plays a huge part in why the internet is how it is today. Being anonymous promotes online interaction, free speech, and the general use of the internet. But when this anonymity is threatened, it can have severe real-world consequences.

This article will discuss the topic of doxing. It will cover the basics, such as what doxing is to the more technical details, including how doxers can gather personal data, whether doxing is illegal, and how you can protect yourself from being doxed.

What is Doxing

What is doxing?

Doxing (or doxxing) refers to the process of collecting and releasing an individual's personal information with malicious intent. The word doxing comes from the word “documents”, referring to pieces of personal information. The perpetrator uses doxing as a way of harassing, exposing, or exploiting an individual for political, financial, and other motives.

Information collected in doxing attacks is anything that can be used against the target individual. This includes personal data such as home addresses, phone numbers, real names, jobs, and other records. Crucially, this data was not publicly available (at least not easily) before the doxing attack.

How does doxing work?

Doxing may sound like a complicated process - but it can be worryingly simple. Even a moderately proficient internet user has the skills and tools necessary to dox someone.

Doxing is made possible because of all the personal information that exists on the internet. In many cases, people are not aware of how much of their information exists on the internet. Doxing becomes particularly scary when different sources of information are combined to form a more complete dossier of an individual. Your social media account alone may not reveal anything significant about yourself, but when combined with the information available from other sources, people can find out plenty.

Once this information is collected, it can be leaked and spread publicly around the internet. Doxing has the potential to cause serious real-world ramifications such as identity theft, blackmailing, damaged reputations, and more.

Why is doxing so prevalent?

It has been reported that over 21% of Americans have been doxed at some point in their life. Doxing is a problem around the world largely because of how easy it is to do. It can be as simple as stalking social media accounts and collecting data, even though some doxers go to more extreme lengths and more hidden sources.

Motivations behind doxing

There is a wide range of motivating factors behind doxing attacks. Some include:

  • Humiliating the victim
  • Intimidating or blackmailing them
  • As a form of revenge or retaliation
  • Exposing someone or ‘bringing them to justice’ for a perceived wrongdoing
  • Political motivations

Different types of doxing

As mentioned, information can be found all over the internet through a range of different methods. Here is a breakdown of some of the main types of doxing. This list is not exhaustive, and doxers can get incredibly creative in sourcing their information.

Username pairing

Username pairing is one of the simplest ways of doxing. It involves searching different online platforms for usernames that can be traced back to the same individual. This process works so well because people have a tendency to use the same or very similar usernames across different platforms.

Username pairing can enable the doxer to gain a much more complete picture of the target individual. For example, a name and phone number from Facebook can be paired with an address from Instagram and even credit card information from a nefarious data broker. Each of these sources alone can be worrying, but together they are even more threatening.

Social media stalking

Social media has become an inseparable part of everyday life. Millions of people post seemingly harmless snippets of their everyday life on social media platforms without setting their profiles as private. In doing so, doxers can stalk their victim’s profile and learn lots about their life. Information about your friends, pets, travels, hobbies, habits, and more could potentially be deduced and used in a doxing attack.

Sometimes, doxers will be able to use this information to answer security questions. This could be their route to gaining even more personal information about the victim.

WHOIS searches

WHOIS is a protocol used to communicate with databases that hold information including the profiles of those with registered domains. Depending on the privacy settings used by domain owners, their information may be easily accessed through a WHOIS search. Everything from names, phone numbers, addresses, business information, and emails can be found through WHOIS searches.

These searches are incredibly easy to do and require no special authorization, expensive software, or niche knowledge.


Phishing is a method of cyber attack where the malicious individual crafts a genuine-looking email to deceive the recipient. Phishing attacks are done for a wide range of motivations, including extracting money, installing malware, or providing sensitive personal information. Sometimes, this personal information is then used in a doxing attack.

There are many different types of phishing attacks. Using social engineering tactics, cybercriminals exploit new, negligent, or unaware employees to an unfortunate degree of success. Read more about phishing here.

IP address tracking

If the doxing victim is not using a VPN or proxy server, their IP address is easily found using simple lookup tools. Since your IP address is linked to a physical location, it can be used to gain even more information about you. One common way is to trick the victim’s ISP into providing more information. This can be done through a spoofing attack whereby the doxer impersonates someone credible to gain access to more information about the victim. ISPs hold plenty of private information about their clients including social security numbers, addresses, names, phone numbers, dates of birth, and much more.

Packet sniffing

Networks operate through the constant exchanging of packets. Packet sniffing is when someone uses a packet sniffer tool to detect, read, and spy on packets of data being sent through a network. While there are some legitimate reasons to packet sniff, plenty of cybercriminals, including doxers, use packet sniffing to spy on an individual. By having a window into their target’s internet activity, they can gain lots of information to later use in a doxing attack. Packet sniffing is a complex process itself - to learn more about it, read our blog here.

Data brokers

A data broker is someone who collects, logs, and then sells personal data to third parties. Data brokers use a huge range of techniques to find out information about individuals who use the internet - including you. Depending on the individual, information as detailed as recent search histories, sensitive personal information, and much more, is kept by data brokers. Doxers can use data brokers to buy and learn lots about their doxing victims.

Reverse phone number lookups

Phone numbers are a relatively easy piece of information for doxers to obtain. Once they have their target’s phone number, they can do reverse phone number lookups on one of many sites to find out more about the owner. As with many other methods of doxing, this one tiny piece of information can reveal a little more about the victim - which can be used to reveal more, and so on.

Is doxing illegal?

Some notable examples of countries where doxing is specifically referred to in legislation include China, Hong Kong, South Korea, and certain US states. In most countries, however, the act of doxing in itself is not illegal. Most of the information doxers collect is publicly available and was legally published. Rather, it is the usage of this information where most doxers run into trouble with the law. Unsurprisingly, doxing can be easily linked to other criminal charges such as harassment, stalking, identity theft, and more.

How can you prevent being doxed?

Doxing relies on there being information about you publicly available online. Therefore, you can prevent being doxed by minimizing the amount of your personal information floating around the internet. There are several ways you can do this, but it’s best to work backward. Start by attempting to dox yourself to see exactly what information is out there about you. This will help you understand where you may be more vulnerable and what areas can be made more secure.

Here are some steps you can take to stay safe from doxers:

  1. Use a VPN or proxy to hide your IP address and encrypt data. VPNs and ​​proxy servers are both effective ways to hide your IP addresses. VPNs in particular have been made far more accessible thanks to numerous third-party vendors - many of which promise to not keep any logs of your online behavior. VPNs are also capable of encrypting your data, which is great protection against packet sniffers.
  2. Keep your social media profiles private. This is a simple yet effective way of preventing doxing attempts. Without an easy place to start, many potential doxers may be discouraged. Furthermore, many people would be surprised just how much information sleuths can find out about yourself solely through your social media profiles.
  3. Use different usernames across platforms and avoid using real names. One of the easiest ways for doxers to link different social media accounts is through matching usernames. If you keep a different username for each platform, and avoid using your real name, doxers will have a much harder time linking your various accounts.
  4. Don’t link your accounts through third-party logins. It’s become common for companies to offer account logins through third parties like Google and Facebook. Since so many people already have accounts on these platforms, it’s far easier to keep everything under one badge. However, this is not necessarily the safest thing to do in terms of cyber security. Logging into sites and apps through these profiles means they can gather much more data about you than necessary. This will only contribute to the amount of your personal information on the internet. Additionally, if your Google, Facebook, or other third-party account gets hacked, all other accounts are rendered vulnerable as well.
  5. Use Google Alerts. Google Alerts is a service offered by Google to notify you of any new content or modifications to existing content for a particular search term. You can use this to keep track of your personal information on the internet.
  6. Request the removal of personal information. If you have found personal information of yours through a data broker, you can request them to take it down. They are legally obliged to comply with this request, although it may take some time and effort.
  7. Educate yourself on the warning signs of phishing emails. Phishing attempts rely on the victim being completely unaware. If you understand the warning signs of a phishing attack, you will be much more likely to spot one and report it immediately. Read more about phishing attacks here to get a better understanding.
  8. Hide your domain registration information. If you own a domain it’s a good idea to hide the registration information from WHOIS searches. This should be simple to do, but you can always ask your website or domain host for help.

What do you do if you are doxed?

Taking all the above measures to prevent being doxed is crucial. However, you should always be prepared for the unfortunate event that you have been doxed. Here are some steps to take:

  • Private all your accounts, if not done already.
  • Change your passwords and inform any crucial institutions such as your bank that you have been doxed.
  • Be ready to involve law enforcement if you think the doxing has crossed over to harassment, threatens you in any way, or suggests violence.

How doxing relates to swatting

Doxing can be taken a step further by the attacker, in some cases leading to swatting attacks. Swatting is when a cybercriminal learns of the victim’s address (sometimes through doxing), and calls police with a fake report suggesting dangerous activity. Swatting can have potentially catastrophic consequences for the victim who is many times totally innocent. Learn more about swatting.

Learn more about cyber security with Sangfor

Sangfor is a leading vendor of digital solutions helping organizations drive their process of digitization and stay safe from cybercrime.

To learn more about doxing attacks or for any questions, do not hesitate to get in touch.

Listen To This Post


Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Related Glossaries

Cyber Security

What Is Malicious Code and How to Avoid It

Date : 01 Jun 2023
Read Now

Cyber Security

What is VoIP - Voice Over Internet Protocol?

Date : 25 May 2023
Read Now

Cyber Security

What is Spyware and How Does It Work?

Date : 24 May 2023
Read Now

See Other Product

Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)
NGAF - Next Generation Firewall (NGFW)
Sangfor Access Secure
icon notification