What Is Doxing, and How to Protect Against Scammers

Doxing and How to Defend Against It

Doxing is the gathering, harvesting, and publishing of personal information about someone without their consent.  Scammers (fraudsters, hackers, all synonymous) do this regularly as well as share information among themselves.

Here's an example: 

You're a student at Fairfield University and your mother gets a call from someone "accepting donations for the upcoming graduation". and they ask for her credit card number. They know the student's name, their graduation date, the mother's name, and the mother's phone number. Is this possible? Yes, it's called doxing.

Q. So, if I am a student, it's possible for an attacker to figure out the date of my graduation and phone numbers of my relatives?

A. Yes, it is possible for an attacker to figure out your graduation date and phone numbers of your relatives if this information is available online or through other sources.  For example, if your school or university publishes graduation dates online (and most do), an attacker could potentially access this information and use it to target you or your family members.

Hackers use various techniques to gather information, such as social engineering, phishing, and hacking into online accounts.  They may also use public records, people searches, social media profiles, and other online sources to find information about us and our families.

To protect your personal information, it's important to be mindful of what you share online and take steps to secure your accounts and devices.  This includes using strong, unique passwords and enabling multifactor authentication on your accounts, as well as regularly monitoring your accounts for any suspicious activity.  Additionally, be cautious about sharing personal information, like your family contacts, online or in public forums where it could be accessed by others.

However, as careful as we are, it is difficult to prevent hackers from being resourceful. That's where extra vigilance comes in.

Q. So, what are some good methods to protect against doxing?

A. Here are 9 good tips to help protect us:

1. Be cautious with your personal information:  Avoid sharing your full name, address, phone number, email address, and other sensitive information online or in public forums.
2. Use strong passwords:  Use strong, unique passwords for each of your accounts and enable multifactor authentication to add an extra layer of security.
3. Be careful with social media:  Be cautious about what you share on social media platforms and adjust your privacy settings to limit who can see your posts. And believe it or not, you can live without Facebook or social media!
4. Monitor your online presence.  Regularly search for your name and other personal information online to see what information is publicly available.
5. Keep your software up to date on all your devices.  This ensures your applications, operating system, and security software are up to date to protect against known vulnerabilities.
6. Always be wary of phishing scams. Be careful when clicking on links or downloading attachments in emails or messages from unknown senders.
7. Let relatives also know to be wary of phishing scams, as well as doxing. The prepared person will not be tricked by scammers.
8. Seek help from professionals.  If you believe that you, a friend, or a relative may have been doxed, seek help from a cybersecurity expert or law enforcement agency if necessary. Don't go it alone!
9. Never reuse passwords.  Use a unique password for each and every application or website.  Otherwise, if one account is compromised, hackers will use that password for all your other ones.

If you think you have been a victim of doxing, please do not hesitate to contact the Help Desk at (203) 254-4069 to report this incident.