What to do if I’ve been doxed: Actions to take in the first 24hours.
If you are in immediate danger, please call your local emergency number.
This is a step-by-step guide on actions to consider after being targeted online. It’s direct and concise by design. There’s no “right way” or order to go about things. Here is information so you can come up with an action plan that best supports your incident, goals, and needs.
Trigger warning: For someone not in immediate need of an action plan, this guide could be triggering. If you are concerned about being targeted, scroll below for prevention-focused guides.
Audience: Have you been doxed (doxxed)? And you are concerned?
Personal information — that you consider to be private and sensitive — has been published online. Information can include (but not limited to) your phone number, home address, email address, employer info, family members’ personal info, photos including intimate images, or driver’s license or SSN.
And you interpret this dox to be an explicit or implicit threat. You experience the publication of this info as some attempt to stalk, intimidate, silence, retaliate, or extort.
Before we begin:
No matter what, please consider these 3 things throughout the next 24 hrs:
 Save everything; (try to) delete nothing.
- Take screenshots. Make sure the date and URL is in there. If not, try to save that. All evidence helps. Even if evidence includes content you may regret writing yourself, save it.
- If you must delete, take a screenshot first. Deleting might impact your ability later if you need to take legal actions.
 Your safety is the #1 priority.
- Remember to breathe, to think clearly.
- Whatever negative stories you have, please know, this isn’t your fault.
 Tell someone you trust.
- You aren’t alone. People will step up to help. Even highly functioning and capable people can use help in these situations. You deserve it. And this way, there’s somewhat of a witness.
In the 1st hour:
Are you in a safe place?
If you feel you are in a location that is unsafe or compromised, call 911. Tell someone you trust (ideally via encrypted communication — Whatsapp, Signal). Move your location to somewhere you consider safe. Make sure your cellphone has geo-location turned off.
Can you think clearly?
Once you are in a safe place, can you think clearly? You may be in fight or flight mode. This is just your body and brain reacting. Take a 3 deep, long breaths. Try to de-escalate, so you can figure out what to do next.
Let’s triage and stop the “bleeding.”
Report the dox to the platform where your info appears. Keywords: “report violations” to terms of service or community guidelines. While filling a form out once, save that for the future (so you don’t have to repeat yourself). This is the first step to stop the spread of your personal info.
Has a physical, credible threat been made against you? Call the police or FBI. If you can, go with a friend. Make sure you ask for a copy and write down your case number.
Has an online account been compromised? Change your passwords — starting with the compromised account. Don’t forget to jot it down — pen and paper — or in your password saver. Add 2FA. Add higher privacy settings for your phone, email, or social media accounts.
What are you most concerned about?
Take out a piece of paper and identify what you are most concerned about. This will help you determine your goals and action steps.
- What are you trying to protect? What “assets”?
- Could be email, location, files, reputation, physical safety, safety of someone you know, real name, etc.
- What part or area of life?
- Who else could it impact?
- Who do you think you are protecting it from?
Are you able to tell someone what happened?
Documenting specific details of what’s going on is one of the most valuable things you can do in the moment. You may have to share this story over again, so documenting now will make it easier. You may be asked — “who do you think is behind this? why do you think you are being targeted?” If you have an idea, definitely save this info. The question might feel invalidating, but provides important context for those trying to help you.
How will you monitor what’s going on?
Create a way to monitor what’s going on, so you can assess any risks. Set a Google alert for your name or any keywords. Add a filter in your gmail. Ask a friend to monitor your accounts and email you.
You may also enjoy reading, CVEs You May Have Missed While Log4J Stole The Headlines
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.
- UK bans Chinese CCTV cameras at ‘sensitive’ government locations - 26 November 2022
- Chrome Update: Exploited Zero-Day Vulnerability fixed by Google, the 8th this year - 25 November 2022
- RESEARCH: analytics information related to iPhones include a Directory Services Identifier (DSID) that may be used to identify users - 24 November 2022