Even if you’re not in the public eye, just the fact that you have a digital footprint means you and your sensitive financial information could be exposed to the growing doxxing epidemic.
What is doxxing?
“Doxxing is searching for and exposing personally identifiable information for a particular individual on the internet; usually it’s done with malicious intent,” explains Kristen Wilson, founder and vice president of product and marketing at Password Ping, an enterprise internet security solution. In essence, it’s a form of online harassment that can cause a lot of headaches as well as expose one’s information to financial fraudsters and identity thieves.
For example, a doxxer might create a website or social media profiles using the victim’s name, which may reveal private information or embarrassing photos. Another form of doxxing could be if someone posts your photo, name and contact information on social media claiming you were responsible for some terrible act, unleashing the trolls on you. And then there’s the doxxing that you might not see – the kind in which all of your credentials are compiled and posted on sites frequented by hackers and other digital criminal types.
7 ways to outsmart doxxers
The tricky thing is that doxxing is often just the curation of various pieces of information that you have innocently put online, on social media, or just by being careless. That’s why, in many cases, if the information is gathered legally, doxxing isn’t technically a crime.
“It’s kind of like Hansel and Gretel,” says Ron Schlecht, managing partner of BTB Security, an information security firm. Doxxers follow your trail of information breadcrumbs, using everything from any message board activities and tweets, to items that only exist on the dark web.
“Right now, in the U.S., there’s not a good way for us to look for the information we would consider private and try to get rid of it online. We put a lot of information out about ourselves, and don’t read a lot of the privacy notices we’re given. There’s just not a good way to clean the slate,” he says.
A recent study by New York University Tandon School of Engineering and the University of Illinois at Chicago (UIC) revealed the types of information that is typically exposed by doxxers:
- 90 percent of the time, the victim’s address is listed
- 61 percent included a phone number
- 53 percent included an email address
- 40 percent shared online user names and IP address
As for sensitive financial information? It’s less common, but it does happen.
- General financial information was included 8.8 percent of the time
- 4.3 percent revealed credit card numbers
- 2.6 included Social Security numbers
How doxxing can impact you
Wondering what the big deal is? For starters, doxxing can ruin your reputation, such as if your chat room comments or other “anonymous” activity ends up being outed. Remember the Ashley Madison scandal? Beyond personal embarrassment, doxxing can also put your private information in the spotlight, which opens you up to identity theft, says Wilson.
“With enough private information exposed, doxxing can lead to criminals potentially stealing your online identity, which is where the financial risk occurs,” says Wilson.
And, although doxxing has traditionally been used as a form of revenge or as a way to discredit others, no one is really immune to being doxxed, say experts.
“There are people who actually dox as a hobby. There are even people who collect massive amounts of dark web data for their private use in order to dox people they perceive to be their enemies,” says Wilson.
Criminal hackers are just simply mischievous by nature, says Robert Siciliano, identity theft expert with Hotspot Shield, a Virtual Private Network provider. “They will dox someone without justification just simply because they can. And with 12 billion records compromised between 2016 and 2017, it’s likely that you have already been doxxed and just don’t know it,” he says.
How to outsmart the doxxers
Although you can’t totally prevent doxxing, just as you can’t prevent identity theft, you can defend yourself and divert doxxers onto more vulnerable targets. Here are some doxxing deterrents recommended by digital security experts:
1. Rethink how you use passwords
Most consumers have very easy-to-crack passwords like 123456 or “princess,” says Siciliano. But what’s worse is they use the same password across multiple accounts. All it takes is one look at your browser history, and hackers can figure out where you do business, who you bank with and which credit cards you have. “Bad guys have automated tools to plug in known usernames and passwords for American Express, Visa, Mastercard, iCloud, Amazon, Ebay, etc. Effective password management means you must use a different password for each account,” he says. He recommends using password manager software – LastPass, Dashlane or Keeper Security are three popular ones – to create robust passwords and keep them organized.
2. Use two-factor authentication on your critical accounts
Yes, it might be annoying to wait for and input that text message code you get on your phone every time you try to log in to your Gmail account on your laptop, but it’s a strong layer of protection you should take advantage of, says Siciliano.
3. Avoid storing credit card information on merchant sites
It’s probably OK for a major retailer you use frequently like Amazon, says Wilson, but your local sandwich restaurant probably doesn’t have deep website security expertise to ensure your data is protected.
4. Don’t post anything online that you would not say publicly in real life
“You need to assume that if you are in any sort of chatroom or forum, your real identity can be exposed by hackers, or even people who simply disagree with what you say online,” says Wilson. Also, be mindful about questions you ask or comments you leave on review sites. For instance, go on any financial advice site and you’ll see questions like: “I applied for an upgrade to my Mastercard and was rejected even though I have a 700 credit score. How come?” If you posted that inquiry, you just told the world what your credit score is, and that you have a Mastercard – tidbits that can be useful to someone who is building your doxxing dossier. “The more details out there, the easier it is for someone who is trying to impersonate you to get even more information,” says Schlecht.
5. Stop taking social media quizzes
Some of the information you supply on those silly Facebook quizzes could come back to bite you. “They expose personal information – like the make and model of your first car – that also happen to be the answers to those password hint questions needed to reset your passwords or access your accounts,” says Wilson.
6. Use a VPN
If you’re using public Wi-Fi, your information is not encrypted and your device can be easily hacked, says Siciliano. “Virtual Personal Network or VPN software can be installed on laptops and tablets and phones to encrypt your data so no hackers can get in,” he says.
7. Monitor your financial accounts
“It’s all about taking the right precautions with your finances,” says Schlecht. That includes looking over your statements carefully to spot any fraudulent activity. You can also try setting up text/email alerts so you are made aware of any transactions that take place and can spot any fraudulent activity right away.
See related: Why should I opt-in to credit card issuer text alerts?
Although the likelihood of someone specifically targeting you in a doxxing attack is probably low if you’re not a public figure or political activist, it’s still wise to take precautions. “Doxxing is simply a symptom of what’s going on in the world,” says Siciliano. “The best you can do is to try to minimize the risk and manage the damage.”