Don't Get Doxed!

The information in this newsletter is for informational and educational purposes only. If you ever feel that your safety is at immediate risk, contact your local emergency services.

Doxing (sometimes written as ‘doxxing’) is the malicious act of collecting and publicly sharing an individual's personal information without their consent. This sensitive data can include email addresses, home addresses, phone numbers, places of employment and even details about family members. The term itself originates from early hacker language, where "dropping docs" referred to the act of exposing sensitive documents about a target.

These types of cybercriminals, often referred to as "doxers," leverage social media platforms, online forums and various websites to disseminate this private information. Their primary intent is to intimidate, harass or retaliate against their targets.

While some incidents may seem relatively minor, such as signing someone up for spam emails or prank deliveries, there are others that can have severe consequences. Victims of doxing have reported stalking, identity theft, job loss and even threats of physical harm. In the most extreme situations, the danger can escalate rapidly, leading to tactics like "swatting."

Reduce Your Risk of Being Doxed

• Strengthen your online privacy. Set all social media accounts to private wherever possible. Limit who can view your posts to trusted friends or connections. Remove personal details such as your home address, workplace, school/university and location data from your profiles. Disable location services on apps that don’t require them for core functionality.
• Be careful what you share. Avoid posting anything that could reveal exactly where you live or frequently visit. Never share sensitive personal information publicly in pictures, videos or live streams. Use caution even in casual conversations. Think long-term; once something is online, it can be difficult to fully remove and is likely on the web forever. Analyze and adjust your social media settings. Make sure that profiles, usernames and handles are kept private.
• Secure your accounts and internet connection. Use strong, unique passwords for every online platform. Avoid reusing usernames and passwords across multiple sites. Enable multifactor authentication (MFA) wherever possible. Avoid using public Wi-Fi for sensitive activity; if necessary, use a virtual private network (VPN). Turn off public network sharing features on your devices.
• Clean up your digital footprint. Regularly search your name online to see what information is publicly available about you. Request removal of personal data from websites and data brokers whenever possible. While some services can assist with this process, they may require significant effort to navigate. Consider using a reputable data removal service if you find this process overwhelming but always research any companies thoroughly first.

What to Do If You Are Doxed

• Document everything. Take screenshots/recordings of all relevant content such as emails, voicemails, social media posts and messages. Preserve URLs, timestamps, and any other identifying information that may be necessary for the platform or law enforcement. Even if some content feels embarrassing or reflects poorly on you, it may still serve as valuable evidence.
• Report and request removal of information. Report your displayed information or content to the platform where it appears. Use the platform’s built-in tools, typically a button or link identified as “Report Violation” or “Report Abuse”. Formally request the takedown of any posts containing your personal information.
• Seek legal guidance. While laws specifically targeting doxing are still evolving in many jurisdictions, existing legal frameworks may apply. Depending on the situation, doxing-related behavior can intersect with current laws concerning harassment defamation, fraud, or threat-related offenses.

It is important to remember that freedom of speech protections do exist, but they are not absolute and may not extend to malicious acts like doxing. Legal tools such as cease-and-desist letters or civil complaints may help deter further harassment. Consulting with an attorney specializing in cyber law or privacy rights can clarify your legal options and guide you through the process.

Related Threat: Swatting

Swatting is a more extreme form of online harassment, where someone falsely reports a serious emergency at the victim/target’s home, such as a hostage situation or violent crime, to trigger a large police response typically involving SWAT teams (hence the name) being deployed.

The victim is typically unaware of the false report, creating an incredibly dangerous situation for everyone involved. While this tactic has frequently targeted online streamers and public figures, anyone who shares live content or has a public online presence could be at risk. To reduce exposure:

• Never reveal personal details or identifiable surroundings on camera.
• Avoid showing your home layout or address in videos or streams.
• Use aliases instead of your real name when creating public-facing content.
• Consider contacting your local police department if you have a large audience and ask about preventative measures such as verification protocols.

Doxing and swatting are not just online inconveniences; they are tangible threats with potentially serious consequences. As digital participation becomes more central to everyday life, personal cybersecurity is no longer optional.

The most effective defense is proactive: limit what you share online, secure your accounts and stay aware of how your information can be accessed and exploited. Understanding your options if something goes wrong ensures you can respond quickly and effectively.

Cyber Habit of the Month: Recognize and Avoid Fake CAPTCHAs

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a common security feature on websites, designed to distinguish human users from automated bots. It typically presents a simple task, like checking a box or identifying specific images.

In a fake CAPTCHA scam, cybercriminals mimic these prompts but include unusual instructions, such as copying and pasting commands or downloading files, which can install malware or steal personal information. These scams often appear on suspicious sites or pop-ups, and they rely on users trusting the familiar format.

To stay safe, only complete CAPTCHAs on legitimate websites, never follow unexpected instructions, double check URLs and keep your browser and security software up to date. If you think you may have fallen victim to a fake CAPTCHA scam, disconnect your device from the internet, change the passwords on your accounts and run a virus scan on your device. Monitor your credit reports for suspicious activity and consider putting a freeze on credit with major credit bureaus, which prevents anyone from opening an account with your information.

Additional Resources

• UC Berkeley: Personal Cybersecurity and Privacy / Preventing Doxxing
• Medium: I’ve been doxed: What to do in the first 24 hours
• Washington Post: How to scrub yourself from the internet, the best that you can
• US Department of Homeland Security: Resources for Individuals on the Threat of Doxing