FAQ - Online Harassment Targeting a Civil Society Member
How to deal with a case of online harassment against the requester, a colleague, or their organization
A case of online harassment has been reported.
- The harassment could lead to digital, physical or psychological damage to the targeted person.
- The suffered damage could stop the survivor from working, silence them, or compromise the activities of their entire organization.
- In some countries, some types of harassment could cause the targeted person to be arrested.
How we should deal with the requester
When someone is being harassed, they are often in a very delicate emotional state, so we should put them at ease, treat them seriously, and ensure they know that we believe them and are on their side.
People who are targeted by harassment can often feel shame and guilt, so it’s good to let them know that they’re not alone and that what is happening is not their fault.
The best way to start handling these cases is requesting an online meeting and let the client talk, asking our questions in the most delicate way possible. Often a call with no video is preferable than video-chat, as victims of harassment might not want to show their faces. Please note that sometimes a survivor may not be willing to talk at all, or even to give details on the attack. Therefore, we should also ask them if they have someone trusted we can talk to and who can answer our questions and document the case for them.
If the client prefers not to talk and does not have someone trusted who could discuss their case with us, it can still be useful to send:
- recommendations with immediate measures that the client can take
follow-up messages with suggestions of things they can do later on
- Initial Reply template: For the initial reply to clients who are targeted by gendered online violence, you can use the template in Article #268: Initial Reply for Harassment Cases.
- Vetting template: For introducing the vetting process to them, you can use the template in Article #269: Inform Clients Targeted by Harassment about Vetting.
Important questions we should ask
The first question we should ask regards the identity of the attacker - often persons targeted by online harassment know or can imagine who the harasser is. Determining this is very important to identify the type of attack and also to define if the case is within our mandate.
It is useful to ask the client if they can recall any incident that happened before and might be connected to the current attacks.
To identify the best mitigation strategy, we should try to understand what kind of harassment we are dealing with, by answering the following questions:
- Is the harasser a single person or a mob?
- Is the harassment targeting an individual or a group?
- Has the harasser hacked into personal accounts?
- Has the harasser published details on the client’s personal life?
- Has the harasser published private contents or images of the client?
- Is the harasser impersonating the client?
- Is the harassment based on attributes such as race, gender or religion?
- Are the client and/or the harasser/s minors?
- Has the harasser targeted the client’s website?
Based on the answers to these questions, we can identify what kind of harassment is taking place and find the best way to address it (see below, “Typologies of harassment and solutions”).
To identify what kind of harassment the client is suffering, we can use this framework by Online SOS.
One important detail we should ask about is if the targeted person has talked to their family and/or close friends. This can help us make sure that the person has some kind of support network and that they don’t feel completely alone in this situation.
Check that the case fits our mandate
After we have talked to the client and assessed the incident, we can check whether the case fits our mandate.
We should check that:
The targeted person is not a minor (see “Cyber bullying” below).
The targeted person is part of the civil society.
The client has been targeted by online harassment due their activism and/or opinions.
The harassment could damage the client’s reputation, safety, or work, or could disclose more personal information such as their identity, location, network of contacts, etc.
The harassment aims at silencing the client’s voice.
The attack is not due to private motivations (e.g. it is not being launched by an ex partner or other family members for personal reasons that are unrelated to the targeted person’s activism or work).
If the attack is due to private motivations, but could harm the client’s reputation, safety, or work, we should still support them. Otherwise we should refer them to a specialized organization - see “Organisations handling online harassment” below).
Important: Even if the case does not fit our mandate, we should share resources with the client and possibly refer them to a helpdesk specializing in online harassment (See “Organisations handling online harassment” below).
If we refer the client to a specialized helpdesk, we should avoid the client to have a sense of revictimization by having to tell all their story from scratch again. So we should ask the client if they prefer us to send information on the incident to the helpdesk, or if they would like to go through the details again with the organization we have referred them to.
It is always helpful to suggest the client to document the attacks or any other incident, and give them tips on how to take screenshots, save messages they receive, etc.
We can offer them some guidance on how to document the incident based on this howto.
If the attacks are too violent or the recipient feels overwhelmed, they can ask someone they trust to document the incidents for them for a while. Since this implies handing over access to their social media accounts, they should trust deeply the person who will manage this documentation. Once they can regain control of their account, they should change their passwords.
It is key to help the client make a risk analysis so they can make decisions on what to do next. If they don’t know who the aggressor is, we should help them try to identify who they might be, what type of resources they might have, and what might be their purpose and possible next steps. This will help them feel less immobilized, as in general they aren’t able to do a risk analysis on their own.
To prevent further damage, we should suggest the client to enable 2-factor authentication, possibly not SMS-based, on all their accounts.
If the client is part of a group, we should suggest them to inform the group about what is going on, as sometimes harassers target several members of a group, and also because the group should be warned not to follow fake social media accounts.
Typologies of harassment and solutions
Online harassment can take many forms, including:
- Abusive videos, comments, messages
- Revealing someone’s personal information (doxing)
- Stalking, through OSINT research and/or through the usage of commercial spyware
- Maliciously recording someone without their consent
- Deliberately posting content in order to humiliate someone
- Making hurtful and negative comments/videos about another person
- Unwanted sexualization
- Incitement to harass someone
- Hacking into someone’s account
- Reporting an account to a platform for taking it down with fake motivations
Online harassment can be divided into several types. What follows is a list of the types the Helpline can directly address:
- Account hijacking - the appropriation of an individual’s or a group’s email or social media account.
- Fake abuse reports - organized efforts to have an account or page on social networking platforms suspended or deactivated by sending a number of reports to the platform for an alleged abuse on part of the owner of the account or page.
- Doxing - a form of harassment that consists in publishing an individual’s personal details, for example their physical address or official identity.
- Non-consensual sharing of private content - a form of harassment consisting in publishing media and pictures, often nude, relating to someone’s private life. Media often label this attack as “revenge porn” - a term which we should avoid, as it highlights the attackers’ point of view.
- Impersonation - the impersonation of an individual’s or group’s identity, generally through the creation of fake profiles.
- Hate speech - this form of harassment consists in speech aimed at causing harm, demeaning or attacking a person or group on the basis of attributes such as race, religion, ethnic origin, sexual orientation, disability, or gender.
- Censorship - attempts at silencing a person or organization by making their website unreachable, for example through DDoS attacks or defacement.
- Malware infection - stalkers and other harassers can infect their target’s devices with commercial spyware, also called stalkerware or spyware.
Types and tactics of online harassment are described more extensively here .
In general, if the harasser is using a web service, the targeted person or our contact point can find information on how to report the attack in the relevant web pages:
Google+: “Report abuse on Google+”
Blogger: Harassment report form
Youtube: Harassment and cyberbullying policy
Twitter: “Online abuse”
- Yahoo: FAQ for blocking and/or reporting threatening or harassing emails
There are however more specific measures that can be taken, depending on the type of attack:
Doxing and Non-Consensual Sharing of Private Content
Twitter: Report an account for impersonation
Google+: Impersonation guidelines on Google+
Blogger: Impersonation report form
Instagram: FAQ on impersonation
Besides reporting the posts or pages through the official channels listed above, we should suggest the client to report and block the user.
In some cases, though, particularly if the client knows who the attacker is, the targeted person might choose not to block the attacker, so that they can keep track of what they share or say about them. We could ask the client if they have friends or supporters who could keep track of this for them, so they can stop exposing themselves to the aggression.
To be alerted about hate speech against them, we might recommend the client to set up a Google alert to be informed if something is published with their names.
Cyber bullying (out of mandate)
Some cases of harassment are out of mandate. The main example is cyber bullying, which affects minors. The Helpline cannot deal with minors and we should refer these cases to recognized organizations that work with minors.
Most platforms have strict policies against bullying:
- Facebook FAQ on bullying
- Facebook Bullying Prevention Hub
- A list of resources for reporting cyber bullying and harassment
- For cases in the US, this web page can be a good resource we can refer the client to.
- To prevent or mitigate DDoS attacks, we can refer the client to
- If the client’s website has been defaced, we can follow Article #232: Website Defaced.
Malware / Stalkerware / Spouseware
If the client’s device may be infected by malware, we can follow the relevant steps in Article #258: Advanced Threats Triage Workflow. If the client’s device is a Windows computer, see Article #133: How to clean a malware-infected Windows machine.
Also see the following resources:
- How to Protect Yourself from Creepy, Phone Snooping Spyware
- A tool by Security Without Borders to find and remove the FlexiSPY stalkerware
- How to Check if an Android Phone has a Stalkerware Installed?
- CETA’s Step-by-step How-to guides - a list of materials, tools, and resources that CETA volunteers have created to help IPV survivors, support workers, and technologists discover and address tech-related risks.
Content on websites
If the harasser is using a website/server, either to send malicious emails or to upload harassing content, the client may need to contact the administrators or the hosting provider in order to stop or mitigate the attack.
The Helpline team can help identify the contact point using WHOIS to identify the server/website owner.
Inform the police
In some cases the targeted person may need to inform the police. The Helpline should assist the client to determine whether this would help or further damage their situation. Especially if the adversary is a part of or is linked to the government, contacting the authorities could only make things worse.
Organisations handling online harassment
If the case is out of mandate, for example because the attack is connected to private motivations and the client is not a member of civil society, we can refer them to an organization that focuses on protecting users from online harassment:
- In Pakistan, the Digital Rights Foundation manages a Cyber Harassment Helpline
- Mexico: Dominemos las TIC
- Ecuador: Navegando Libres Por La Red
- Latinamerica and USA
- Vita-Activa - online support and strategic solutions for women and LGBTIQ+ journalists, activists and gender, land and labor rights, and freedom of expression defenders experiencing stress, trauma, crisis, burnout and/or facing gender based violence.
Cyber Civil Rights Initiative - hotline for survivors of online abuse - US-based, according to their website can be reached by phone at: 1-844-878-2274
Information & Resources for Survivors of Violence Against Women (mainly in the U.S.)
The Games and Online Harassment Hotline - online support in and around the gaming community. Text SUPPORT to 23368 (USA only) to get started with an agent during their open hours. Their website gameshotline.org has more resources for gaming specific aid and online security support.
- Spain/Catalonia: Donestech in 2019 produced KIT Against online gender-based violence which lists a number of Spanish and English resources. offers support to persons targeted by online violence.
- Take Back the Tech is a global project to take control of technology to end violence against women, and offers support against online gendered violence. Accordingly to their website, they receive help requests through the email@example.com mailbox and do not offer phone support. They only accept referrals from known contacts.
- More organizations are listed here.
- A list of manuals on privacy and security with a gender perspective
- For preventing doxing, we can suggest the client to follow the instructions in Access Now Helpline’s Self-doxing guide.
- The Online Harassment Field Manual - a good resource for journalists on how to prevent and respond to harassment
- Info on blackmail-sextorsion, cyberstalking and hate speech
- DIY Cybersecurity for Domestic Violence
- Heartmob is a support network to fight harassment on social media - For starting to get support from the network, refer the client to this link .
- Heartmob webinar links and resources
- Staying safe on social media
- Online harassment resources
- Crash Override Network resources
- Crash Override’s Automated Cybersecurity Helper
- More resources on online violence
Acoso Online aims to provide reliable information and tools to victims of non-consensual pornography as well as the organizations that accompany and support them. Their online resource covers different responses available to victims and their supporters - digital security, platform reporting, legal mechanisms, and social or community-oriented responses. They currently have information on their site for legal mechanisms in Chile, Argentina, Brazil, Peru, Venezuela, Panama and Mexico.
- Article #268: Initial Reply for Harassment Cases
- Article #269: Inform Clients Targeted by Harassment about Vetting
- Article #298: Doxing and Non-Consensual Publication of Pictures and Media
- Article #258: Advanced Threats Triage Workflow
- Article #133: How to clean a malware-infected Windows machine
- Article #72: Project Galileo onboarding of new client - DDoSP
- Article #137: How to set up Deflect DDoSP for a client
- Article #232: Website Defaced