Protecting Yourself Against Doxing
Doxing is the act of searching for people’s personal information over the internet. The term comes from “document tracing,” which involves collecting documents belonging to a person or company to learn more about them.
A revenge tactic, doxing and involves the malicious targeting, compiling and public release of personally identifiable information (PII) to perpetrate harassment, revenge, identity theft or potential violence against a target.
Once targets are identified, hackers scour the internet for information such as home address, Social Security number, date of birth, private phone numbers, email addresses or photos. They use public records, such as property records and tax documents, and search social media and real estate websites. The hackers then publish the information online.
The N.C. Department of Information Technology strongly recommends anyone who could be a potential victim of doxing take proactive steps to limit their online presence and have personally identifiable information (PII) removed, whenever possible.
Protecting Yourself from Doxing
- Check privacy settings on social media accounts and implement the strongest controls possible.
- Deactivate or delete any social media or online dating profiles you no longer use.
- Review your friends and followers. Unfollow and reject requests from anyone you don’t know.
- Assume everyone can see information about your activities, personal life or professional life that you post and share. Don’t post anything you would be embarrassed for everyone to see.
- Check your posts for PII (e.g., your date of birth, telephone number or address) or images that identify your location, job, hobbies, family or friends. Remove those details or delete the posts.
- Search social media for tagged photos of you and your family and remove the tags.
- Become educated on email phishing and spear phishing techniques, which are aimed at getting your personal information.
- Never respond to email requests for PII, login credentials or financial information.
- If you receive an email containing a link or attachment from a seemingly legitimate sender, send an email, call or text the individual to confirm its legitimacy before opening or clicking any links.
- Conduct frequent internet searches about you and your family. Look for PII and photos. Contact the website’s webmaster to remove any information you might find.
- Be aware of where your personal email address is on the internet. Remove it, as well as any personal contact information, from any websites, social media sites, online directories or wherever else it might be.
- Don’t store unencrypted files containing Social Security numbers or sensitive PII in the cloud (e.g., Google Drive, Dropbox, etc.).
- Don’t send unencrypted documents containing Social Security numbers or sensitive PII via email.
- Don’t store unencrypted documents or forms containing Social Security numbers or sensitive PII on your computer hard drive.
- Don’t sign up for accounts on websites if you don’t have to do so.
- Keep the operating systems, applications, antivirus solutions and essential software up to date on all your devices to help prevent potential exploitation. Set the devices to install updates automatically, whenever the option is available.
- Reconsider using applications and devices that use geo-tracking features. If you do use them, review their privacy settings.
- Delete unneeded applications on your mobile devices to ensure they aren’t tracking you.
- Never auto-save contact information when prompted by your operating system, browser, website or applications.
- Avoid using third-party applications. If you must use them, don’t allow the applications to access your social networking accounts, friends list or address books.
- Have technology experts regularly check personal devices for compromises.
- Use a passphrase instead of a password. Use multi-factor authentication whenever possible.
- Follow strict security protocols on all devices and online accounts. Use at least 10 characters and include uppercase and lowercase letters, numerals and symbols.
- Don’t share your password or passphrase with anyone.
- Don’t use “Remember Me” features that allow you to save passwords or stay logged in to websites.
- Don’t use the same password for different accounts or applications.
- Make sure passwords and passphrases for your financial sites are different than other passwords.
- Change passwords at least every 60 days or immediately following a potential compromise.
- Monitor credit reports monthly. Consider purchasing credit monitoring from a trusted service.
- Consider getting a security freeze, which blocks access to your credit unless you have given your permission. (Get more information.)