A civil society member has been subjected to a hate speech campaign or other forms of harassment and gendered online violence
Edit me

FAQ - Online Harassment Targeting a Civil Society Member

How to deal with a case of online harassment against the requester, a colleague, or their organization


A case of online harassment has been reported.

  • The harassment could lead to digital, physical or psychological damage to the targeted person.
  • The suffered damage could stop the survivor from working, silence them, or compromise the activities of their entire organization.
  • In some countries, some types of harassment could cause the targeted person to be arrested.


How we should deal with the requester

When someone is being harassed, they are often in a very delicate emotional state, so we should put them at ease, treat them seriously, and ensure they know that we believe them and are on their side.

People who are targeted by harassment can often feel shame and guilt, so it’s good to let them know that they’re not alone and that what is happening is not their fault.

The best way to start handling these cases is requesting an online meeting and let the beneficiary talk, asking our questions in the most delicate way possible. Often a call with no video is preferable than video-chat, as victims of harassment might not want to show their faces. Please note that sometimes a survivor may not be willing to talk at all, or even to give details on the attack. Therefore, we should also ask them if they have someone trusted we can talk to and who can answer our questions and document the case for them.

If the beneficiary prefers not to talk and does not have someone trusted who could discuss their case with us, it can still be useful to send:

Important questions we should ask

  • The first question we should ask regards the identity of the attacker - often persons targeted by online harassment know or can imagine who the harasser is. Determining this is very important to identify the type of attack and also to define if the case is within our mandate.

  • It is useful to ask the beneficiary if they can recall any incident that happened before and might be connected to the current attacks.

  • To identify the best mitigation strategy, we should try to understand what kind of harassment we are dealing with, by answering the following questions:

    • Is the harasser a single person or a group?
    • Is the harassment targeting an individual or a group?
    • Has the harasser hacked into personal accounts?
    • Has the harasser published details on the beneficiary’s personal life?
    • Has the harasser published private contents or images of the beneficiary?
    • Is the harasser impersonating the beneficiary?
    • Is the harassment based on attributes such as race, gender or religion?
    • Are the beneficiary and/or the harasser/s minors?
    • Has the harasser targeted the beneficiary’s website?

Based on the answers to these questions, we can identify what kind of harassment is taking place and find the best way to address it (see below, “Typologies of harassment and solutions”).

To identify what kind of harassment the beneficiary is suffering, we can use this framework by Online SOS.

One important detail we should ask about is if the targeted person has talked to their family and/or close friends. This can help us make sure that the person has some kind of support network and that they don’t feel completely alone in this situation.

Check that the case fits our mandate

After we have talked to the beneficiary and assessed the incident, we can check whether the case fits our mandate.

We should check that:

  • The targeted person is not a minor (see “Cyber bullying” below).

  • The targeted person is part of the civil society.

  • The beneficiary has been targeted by online harassment due their activism and/or opinions.

  • The harassment could damage the beneficiary’s reputation, safety, or work, or could disclose more personal information such as their identity, location, network of contacts, etc.

  • The harassment aims at silencing the beneficiary’s voice.

  • The attack is not due to private motivations (e.g. it is not being launched by an ex partner or other family members for personal reasons that are unrelated to the targeted person’s activism or work).

    If the attack is due to private motivations, but could harm the beneficiary’s reputation, safety, or work, we should still support them. Otherwise we should refer them to a specialized organization - see “Organisations handling online harassment” below).

Important: Even if the case does not fit our mandate, we should share resources with the beneficiary and possibly refer them to a helpdesk specializing in online harassment (See “Organisations handling online harassment” below).

If we refer the beneficiary to a specialized helpdesk, we should avoid making the beneficiary feel revictimized by having to tell us their story from scratch again. We can ask the beneficiary if they prefer us to send information on the incident to the helpdesk, or if they would like to go through the details again with the organization we have referred them to.

Immediate measures

It is always helpful to suggest the beneficiary to document the attacks or any other incident, and give them tips on how to take screenshots, save messages they receive, etc.

  • We can offer them some guidance on how to document the incident based on this how-to.

  • If the attacks are too violent or the recipient feels overwhelmed, they can ask someone they trust to document the incidents for them for a while. Since this implies handing over access to their social media accounts, they should trust deeply the person who will manage this documentation. Once they can regain control of their account, they should change their passwords.

It is key to help the beneficiary make a risk analysis so they can make decisions on what to do next. If they don’t know who the aggressor is, we should help them try to identify who they might be, what type of resources they might have, and what might be their purpose and possible next steps. This will help them feel less immobilized, as in general they aren’t able to do a risk analysis on their own.

To prevent further damage, we should suggest the beneficiary to enable 2-factor authentication, possibly not SMS-based, on all their accounts.

If the beneficiary is part of a group, we should suggest them to inform the group about what is going on, as sometimes harassers target several members of a group, and also because the group should be warned not to follow fake social media accounts.

Typologies of harassment and solutions

Online harassment can take many forms, including:

  • Abusive videos, comments, messages
  • Revealing someone’s personal information (doxing)
  • Stalking, through OSINT research and/or through the usage of commercial spyware
  • Maliciously recording someone without their consent
  • Deliberately posting content in order to humiliate someone
  • Making hurtful and negative comments/videos about another person
  • Unwanted sexualization
  • Incitement to harass someone
  • Hacking into someone’s account
  • Reporting an account to a platform for taking it down with fake motivations

Online harassment can be divided into several types. What follows is a list of the types the Helpline can directly address:

  • Account hijacking - the appropriation of an individual’s or a group’s email or social media account.
  • Fake abuse reports - organized efforts to have an account or page on social networking platforms suspended or deactivated by sending a number of reports to the platform for an alleged abuse on part of the owner of the account or page.
  • Doxing - a form of harassment that consists in publishing an individual’s personal details, for example their physical address or official identity.
  • Non-consensual sharing of private content - a form of harassment consisting in publishing media and pictures, often nude, relating to someone’s private life. Media often label this attack as “revenge porn” - a term which we should avoid, as it highlights the attackers’ point of view.
  • Impersonation - the impersonation of an individual’s or group’s identity, generally through the creation of fake profiles.
  • Hate speech - this form of harassment consists in speech aimed at causing harm, demeaning or attacking a person or group on the basis of attributes such as race, religion, ethnic origin, sexual orientation, disability, or gender.
  • Censorship - attempts at silencing a person or organization by making their website unreachable, for example through DDoS attacks or defacement.
  • Malware infection - stalkers and other harassers can infect their target’s devices with commercial spyware, also called stalkerware or spyware.

Types and tactics of online harassment are described more extensively here .

In general, if the harasser is using a web service, the targeted person or our contact point can find information on how to report the attack in the relevant web pages:

There are however more specific measures that can be taken, depending on the type of attack:

Doxing and Non-Consensual Sharing of Private Content

See Article #298: Doxing and Non-Consensual Publication of Pictures and Media.

Hate Speech

Besides reporting the posts or pages through the official channels listed above, we should suggest that the beneficiary report and block the user.

In some cases, though, particularly if the beneficiary knows who the attacker is, the targeted person might choose not to block the attacker, so that they can keep track of what they share or say about them. We could ask the beneficiary if they have friends or supporters who could keep track of this for them, so they can stop exposing themselves to the aggression.

To be alerted about hate speech against them, we might recommend the beneficiary to set up a Google alert to be informed if something is published with their names.

Cyber bullying (out of mandate)

Some cases of harassment are out of mandate. The main example is cyber bullying, which affects minors. The Helpline cannot deal with minors and we should refer these cases to recognized organizations that work with minors.

Most platforms have strict policies against bullying:

Malware / Stalkerware / Spouseware

If the beneficiary’s device may be infected by malware, we can follow the relevant steps in Article #258: Advanced Threats Triage Workflow. If the beneficiary’s device is a Windows computer, see Article #133: How to clean a malware-infected Windows machine.

Also see the following resources:

If the harasser is using a website/server, either to send malicious emails or to upload harassing content, the beneficiary may need to contact the administrators or the hosting provider in order to stop or mitigate the attack.

The Helpline team can help identify the contact point using WHOIS to identify the server/website owner.

Inform the police

In some cases the targeted person may need to inform the police. The Helpline should assist the beneficiary to determine whether this would help or further damage their situation. Especially if the adversary is a part of or is linked to the government, contacting the authorities could only make things worse.

If the website/server used by the harasser does not accept to collaborate, the targeted person may need to contact the authorities of the host country to stop the harassment.

Organisations handling online harassment

If the case is out of mandate, for example because the attack is connected to private motivations and the beneficiary is not a member of civil society, we can refer them to an organization that focuses on protecting users from online harassment:


Additional resources