It starts with setting up a private Facebook or Twitter account: information about the favorite book, the best band or marital status is diligently revealed. Then one or the other holiday picture with the family ends up online, and daily political events are discussed on the pages of various media.
This is anything but harmless, because it is precisely here, in social networks, that criminals pick up information that they later use against their victims. In fact, it has never been easier for criminals to find out information about their victims and to use this information for cyber attacks
This type of cyber attack is called doxing: A hacker performs a malicious act against people by disclosing identifiable information about the attacked person on the Internet. In addition to the person’s name, this information can also be their home address, place of work, telephone number, financial information or other personal data such as social security numbers, private correspondence and so on. Cyberbullying can be behind the doxing, but more often it is actually about the misuse of information to make money: for example, to extort ransom or to sell it on the Darknet. Both individuals and companies can be affected.
One method is to trace back usernames. Because many people use one and the same user name in all Internet portals in which they are registered. This makes it child’s play to find out people’s interests and internet habits. In addition, all information about a person who puts them publicly on the Internet or on social platforms can be found out. In addition to place of residence and place of work, friends, photos, “likes” and ratings can also be called up in public profiles. Places visited, names of family members and longtime friends – all this information can be easily tapped and misused for doxing
Another typical method is email abuse: if the victims use insecure email accounts or click on phishing links in emails, criminals can not only access sensitive emails, but also publish this content online. “Criminals sometimes disguise their actual email address and make it appear as if the email is from a friend. With the knowledge of the email address from social networks, this is easy. In this way, it may be possible to obtain further information
Information about people can also be bought from so-called data brokers. Sellers obtain this information in a number of ways: publicly available records are used as well as information exposed through loyalty cards. Information can also be tapped via the online search history and, of course, other data brokers can also be the source of the information. »In this context, advertising agencies in particular are popular customers of data brokers.
Just recently, Kaspersky also warned of the increase in highly professional corporate doxing about fake e-mails. In February of this year alone, Kaspersky experts counted 1,646 BEC attacks worldwide. The tricks used to pretend false identities are particularly striking: voices are imitated with artificial intelligence in a deceptively real way. “A criminal could fake the voice of high-ranking executives in order to induce employees to release confidential information
The protection of personal information, and here in particular common sense, protects against doxing: skepticism should always be advised when irritating messages from acquaintances, colleagues or superiors are received – especially when it comes to money or information orders.
The following tips also protect companies and private individuals from doxing:
