With this movie, I wanted to find a more exciting way to talk about doxxing without doing it academic style. The film should make us reflect, and why not, shake a bit.
Doxing or doxxing is publicly exposing someone’s real name, address with a combination of other personal data on the internet. This without the consent of that person.
Doxxing is a much more personal attack as it seeks to find out information on a specific person. The motives behind such actions are widespread. It can be a fascination/obsession with a particular person, a prank, grudge, or even a will to harm. And all of what a doxer need is a connection to the internet.
Former con artist Frank Abagnale on a podcast episode with Jordan Harbinger, points out that today it is much easier to pull off scams because the information is everywhere. And this is so true also for doxxing.
Today we can find so much information online; in fact, there is so much it is hard to keep track and even navigate it.
But when you have the knowledge, skills, time, and determination, you can find a lot on a specific person online and, by consequence, harm.
The way we can be doxxed in many ways depends on our presence online and habits.
Some of us leave hourly activities traces, from pictures, running habits, and preferences. Others prefer to post business content on LinkedIn. Some people have multiple accounts to separate their internet persona to the real-life one.
No matter which one you are, you always need to be aware of what you post and how someone uses the information to identify your personal information.
Let’s look into the path on how the obsessed guy succeeds in doxxing Mia.
The video is an example that bases on three main elements:
- Mia does not have full control of privacy settings
- Mia has multiple social media accounts with similar/same content
- Her friends are less savvy in terms of privacy/dangers of posting information online
In addition to that, the video exposes a growing problem of information floating on the popular TikTok app.
PRIVATE SETTINGS ON SOCIAL MEDIA
You should always start with the question: Am I fine that I am sharing information with an unknown stranger? If No, then privacy settings will help you to curb who can see what.
Some social media, like Instagram or Twitter, are in favor of public posts. Yet, even on those platforms, you can find specific settings to make the account available only to authorized followers.
MULTIPLE SOCIAL MEDIA ACCOUNTS
Attackers treat various accounts as additional databases to gather information on us.
We tend to think that if we have multiple accounts, then there should not be an easy way to find a link between them. Yet there are ways to find such links for the ones with the right skills and knowledge.
There is a tendency to create different social accounts under one email due to convenience. For sure, this makes it easier to manage your notifications, but the downside is that it is easy as well to trace your online presence.
There are several techniques and tools to scrape the internet looking for accounts based on email and phone.
Lampyre for example is a tool used for Online investigations that has a very user-friendly way to find such information.
You can see how easy it is to do an email or phone lookup in the demo video.
PICTURES
You can use photos to do so-called reverse image searches.
This search method provided by all search giants will look for the same or similar pictures.
You can, for example, check a user is fake by finding similar pictures in other social media accounts. In this particular case, the attacker uses it to link a public Instagram account to a private Facebook account.
FRIENDS
The more we all are privacy savvy, the better we are all protected. Friends can be the weak link in our security. If they do not have the same attitude towards privacy, there is a chance that their relaxed security can be harmful to us.
TIKTOK
With the evolution of social media and the introduction of new platforms, we face new challenges privacy risks. Those challenges are presented by our lack of knowledge or by or friends and relatives on the new platform. An article struck me on how easy it is to find personal data on a platform known for short videos.
From the article
“I have seen people posting emails, phone numbers, links to other social media, ID cards, passports, and a load of other personal identifiers like their height and age. This is often due to the following ‘trends’ where someone has done it and got good reactions, so everyone starts to do it, despite how dangerous it could be.”
TikTok – Using OSINT to Discover New Leads
As you can see, even if we do not post all our information on the internet, there are many ways to look for bits and pieces. You can start with a picture and end up with the phone number of the person. And this only because you had the knowledge, time, and persistence to look for clues.
piotrsec.wordpress.com 