Call - 07769 804065
Online Security Series Part 4: Social Engineering, Doxing & Harassment | Mac & PC Farnham
SECURITY SERIES - PART 4 OF 5

Social Engineering, Doxing & Online Harassment

Published: February 2026 | Reading Time: 11 minutes
Series: Online Security for Everyday Users | Author: Sean Kevin Wyndham-Quin, Mac & PC Farnham
Previously in this series: We've covered phishing, malware, and identity theft. Today we're exploring the psychological manipulation tactics criminals use and the darker side of online interaction—doxing, trolling, and harassment.

The Human Element

98% of cyber attacks rely on social engineering

1 in 3 UK adults experienced online harassment

£3.2 million lost to "CEO fraud" in UK businesses (2025)

Social Engineering: Hacking the Human

Social engineering is the art of manipulating people into divulging confidential information or performing actions that compromise security. Unlike technical hacking that exploits software vulnerabilities, social engineering exploits human psychology—our trust, fear, curiosity, and desire to be helpful.

Why it works: It's easier to trick someone into giving you their password than to crack encryption. Humans are often the weakest link in security.

Common Social Engineering Tactics

👔 Pretexting

Creating a fabricated scenario to obtain information.

Example: "I'm calling from IT support about your account" or "This is the tax office regarding unpaid taxes."

🎁 Baiting

Offering something enticing to lure victims.

Example: Free USB drives in car park, "Download free music" links, prize giveaways.

⚡ Urgency & Fear

Creating panic to bypass rational thinking.

Example: "Your account will be closed in 24 hours!" or "Suspicious activity detected!"

👑 Authority

Pretending to be someone important.

Example: "This is your boss," "Police here," "HMRC calling."

🤝 Quid Pro Quo

Offering help in exchange for information.

Example: "We'll give you free tech support if you download this tool."

🚪 Tailgating

Physical social engineering—following through secure doors.

Example: "Sorry, forgot my badge, can you let me in?"

Real-World Social Engineering Examples

The CEO Fraud

The Setup:
An accountant receives an urgent email that appears to be from the CEO:

"I'm in a confidential meeting with investors. Need you to wire £50,000 to this supplier immediately for an urgent acquisition. Don't discuss with anyone—this deal is highly sensitive and not yet public. Time is critical."

The Result:
The accountant, trusting the CEO's authority and responding to urgency, wires the money. The email address was spoofed: ceo@company-name.co.uk instead of ceo@companyname.co.uk

The Loss: £50,000 gone, likely unrecoverable

The Helpful IT Person

The Call:
"Hello, this is James from IT. We're rolling out a security update and need to verify your login credentials. Can you confirm your username and password?"

What's Really Happening:
There's no security update. A criminal is calling employees randomly, hoping someone will provide their credentials. Once they have access, they can steal data, install malware, or commit fraud.

Prevention:
Real IT departments never ask for passwords. Hang up and call IT through the official number to verify.

The Grandparent Scam

The Call:
Phone rings. A distressed voice: "Grandma, it's me! I've been in an accident abroad and I'm in jail. I need £5,000 for bail. Please don't tell Mum and Dad—they'll be so disappointed. Can you wire the money?"

The Psychology:
Exploits love, fear, and desire to help. Criminals research victims on social media to know grandchildren's names. The request for secrecy prevents verification.

Prevention:
Always verify through another family member. Establish family code words for emergencies.

How to Protect Yourself from Social Engineering

  • Verify identity independently – Call back using official phone numbers from company website, not numbers provided by caller
  • Question urgency – Legitimate organizations don't create artificial 24-hour deadlines
  • Never give passwords or PINs – No legitimate organization will ever ask for these
  • Be suspicious of authority – Criminals impersonate police, HMRC, banks, and bosses
  • Trust your instincts – If something feels wrong, it probably is
  • Establish verification protocols – Family code words for emergency calls
  • Think before you click – Don't let urgency override caution
  • Don't overshare online – Information used to make social engineering more convincing
  • Educate family members – Elderly relatives are often targeted
  • Use multi-factor authentication – Even if someone gets your password, they can't access accounts

Doxing: When Privacy Becomes a Weapon

Doxing (or doxxing) is the malicious publication of private or identifying information about someone online without their consent. The term comes from "dropping docs" (documents).

What Information Gets Exposed

  • Full name, address, and phone number
  • Email addresses and social media accounts
  • Workplace details and employer contact
  • Family members' information
  • Financial details and banking information
  • National Insurance or other ID numbers
  • Photos, including of home and family
  • Medical records or personal history

Why People Get Doxed

  • Revenge or harassment after personal disputes
  • Political disagreements or activism
  • Online gaming conflicts (surprisingly common)
  • Whistleblowing retaliation
  • Stalking and intimidation
  • Targeted because of profession (journalists, police, politicians)

Real Impact of Doxing

Victims have experienced:
  • Harassment and threats at home and work
  • Identity theft using exposed information
  • "Swatting" – false emergency calls to their address
  • Job loss due to workplace harassment
  • Family members being targeted
  • Need to relocate for safety
  • Severe anxiety and fear
  • Financial fraud

How Criminals Gather Information for Doxing

  1. Social media – Posts revealing location, workplace, family
  2. Public records – Electoral roll, property ownership, business registrations
  3. Data broker sites – Whitepages, 192.com, etc.
  4. Photo metadata – GPS coordinates embedded in images
  5. Username reuse – Tracking same username across platforms
  6. WHOIS data – Domain registration information
  7. Data breaches – Leaked information from hacks
  8. Social engineering – Tricking you into revealing information

How to Protect Yourself from Doxing

  • Google yourself regularly – See what information is publicly available
  • Use privacy settings on all social media (Facebook, Instagram, Twitter, LinkedIn)
  • Don't overshare location – Avoid posting real-time locations, check-ins
  • Use different usernames across platforms (makes tracking harder)
  • Remove yourself from data brokers – Opt out of Whitepages, 192.com, etc.
  • Turn off photo location services – Disable GPS tagging in camera settings
  • Use P.O. Box or work address for online purchases when possible
  • Hide WHOIS information – Use domain privacy protection
  • Create separate email addresses – Personal, shopping, social media, work
  • Be careful in photos – House numbers, street signs, car plates visible
  • Remove personal info from resume – Don't include full address on public CVs
  • Opt out of electoral roll marketing – Contact local council

If You've Been Doxed

  1. Document everything – Screenshots with timestamps, archives
  2. Report to platform where information was posted
  3. Contact police – Especially if threats made (report to 101 or Action Fraud)
  4. Secure all online accounts – Change passwords, enable 2FA
  5. Inform your employer if work details shared
  6. Monitor credit report for fraudulent activity
  7. Consider legal action – Doxing may violate Data Protection Act
  8. Request removal from search engines (Google has removal form)
  9. Notify family members if their information exposed
  10. Professional security review – Mac & PC Farnham can help secure devices

Trolling & Online Harassment

Trolling ranges from mildly annoying behavior to severe, coordinated harassment campaigns that can destroy lives.

Types of Trolling

Type Behavior Severity
Light Trolling Posting controversial opinions to start arguments Low - Annoying
Flaming Posting insults and hostile messages Medium - Offensive
Harassment Sustained targeting of individual with abuse High - Harmful
Dogpiling/Brigading Coordinated group attacks on individual Severe - Devastating
Cyberstalking Persistent monitoring and harassment Critical - Dangerous

Why People Troll

  • Anonymity – No real-world consequences
  • Attention-seeking – Negative attention still feeds ego
  • Entertainment – Find reactions amusing
  • Ideological warfare – Attacking opposing views
  • Psychological issues – Sadism, personality disorders
  • Group mentality – Peer pressure in online communities

Impact on Victims

  • Anxiety, depression, and PTSD
  • Fear and paranoia about online presence
  • Reduced participation in online communities
  • Sleep problems and health issues
  • Professional consequences (trolls contacting employers)
  • Relationship strain
  • In extreme cases, self-harm or suicide

How to Handle Trolling & Harassment

  • Don't feed the trolls – Engagement is what they want; starve them of attention
  • Block immediately – Use platform blocking features liberally
  • Report to platform – Twitter, Facebook, Instagram all have reporting systems
  • Document everything – Screenshots with dates for potential legal action
  • Adjust privacy settings – Limit who can contact or see your posts
  • Take breaks – Step away from social media when overwhelmed
  • Build support network – Friends and family who understand
  • Don't share personal information – Don't give trolls ammunition
  • Use mute/filter features – Filter out keywords and phrases
  • Remember it's not about you – Trolls attack indiscriminately

When to Involve Authorities

Contact police immediately if harassment includes:
  • Credible threats of violence
  • Threats against family members
  • Doxing (publishing personal information)
  • Stalking behavior (monitoring movements)
  • Swatting attempts or bomb threats
  • Distribution of intimate images
  • Threats to children
  • Harassment that continues after blocking

UK Reporting:

  • Immediate danger: Call 999
  • Non-emergency: Call 101
  • Cybercrime: Action Fraud 0300 123 2040
  • Support: Victim Support 0808 168 9111

Protecting Children Online

Children and teenagers are particularly vulnerable to online harassment, cyberbullying, and social engineering.

Parental Guidance

  • Open communication – Create environment where children feel safe discussing online issues
  • Age-appropriate education – Teach about online dangers at appropriate level
  • Monitor (don't spy) – Know what platforms they use and who they interact with
  • Privacy settings – Help set up accounts with maximum privacy
  • Parental controls – Use built-in controls on devices and routers
  • No personal information – Teach never to share name, address, school
  • Recognize cyberbullying – Changes in behavior, reluctance to use devices
  • Report mechanisms – Ensure they know how to report abuse
  • Set time limits – Healthy balance of online and offline activities
  • Lead by example – Model good digital citizenship

WiFi Security & Physical Security

Public WiFi Dangers

  • Man-in-the-middle attacks – Criminals intercept your communication
  • Evil twin networks – Fake hotspots with legitimate-sounding names
  • Packet sniffing – Monitoring unencrypted traffic

Protection on Public WiFi

  • Use VPN always – Encrypts all traffic (NordVPN, ExpressVPN, ProtonVPN)
  • Avoid sensitive activities – No banking or shopping on public WiFi
  • Verify network name – Ask staff for correct WiFi name
  • Turn off auto-connect – Prevent automatic joining of networks
  • Use HTTPS only – Check for padlock in browser
  • Turn off file sharing – In network settings
  • Forget network after – Don't save public networks

Home WiFi Security

  • Change default router password – "admin/admin" is not secure
  • Use WPA3 encryption (or WPA2 if router older)
  • Strong WiFi password – At least 16 characters, mix of types
  • Update router firmware – Check manufacturer website regularly
  • Disable WPS – Vulnerable to attacks
  • Create guest network – Separate network for visitors
  • Hide SSID (optional) – Makes network less visible

Action Plan: This Week's Challenge

7-Day Protection Challenge:

  1. Day 1: Google yourself—see what personal information is public
  2. Day 2: Review and tighten all social media privacy settings
  3. Day 3: Remove yourself from 2-3 data broker websites
  4. Day 4: Set up VPN on your devices for public WiFi use
  5. Day 5: Change home WiFi password to something strong and unique
  6. Day 6: Have conversation with family about verification protocols for emergency calls
  7. Day 7: Turn off location services in camera settings on phone

Need Help Securing Your Digital Life?

At Mac & PC Farnham, we can help you implement proper security measures, set up privacy protection, and recover from harassment or doxing situations.

Call 07769 804065

Or email: skwquin@macpcfarnham.uk

Online Security Series

📧 Final Part Next Week! Part 5 brings everything together with practical tools, step-by-step security setup guides, and a complete protection strategy you can implement immediately.

About the Author: Sean Kevin Wyndham-Quin has over 20 years of experience in computer repair and security. At Mac & PC Farnham, he helps individuals and families protect themselves from online threats and harassment.

Tags: social engineering, doxing, trolling, online harassment, cyberbullying, cybersecurity, privacy protection, WiFi security, UK cybercrime, digital safety Farnham