Online harassment is a control problem. The attacker is trying to reach you, pressure you, or trigger public reactions. Your job is to regain control of contact surfaces, identity signals, and evidence, then escalate through official channels when threats cross a line.
| Start here | Do this | Why it matters |
|---|---|---|
| Safety | If threats are credible or you are at immediate risk, prioritize personal safety and local professional support first | Online steps are secondary to physical safety |
| Evidence | Preserve URLs, screenshots, timestamps, and message threads before accounts or posts disappear | Evidence makes reports and escalation work |
| Access control | Secure email and key accounts with 2FA, then sign out unknown sessions | Harassment frequently escalates into impersonation or takeover |
| Reduce contact | Restrict DMs, tagging, comments, and follower visibility where possible | Less reach means less volume and fewer entry points |
| Reporting | Report from inside the platform using the most specific category, and include direct URLs | Vague reports without links are easier to ignore |
Safety note: do not negotiate with extortion threats. Preserve the messages and use official reporting channels. If you are in immediate danger, contact local emergency services.
Preserve evidence without amplifying the harassment
Evidence is leverage. Preserve it quietly and avoid reposting harassment to “warn others”, which often increases distribution.
- Screenshot the harassment, including the profile name, the URL, and the timestamp.
- Copy direct URLs to posts, profiles, and message threads.
- Keep a private timeline of incidents and reports (ticket IDs, emails, dates).
- If the harassment is on multiple platforms, track the same identifiers across sites (usernames, images, domains).
Reduce contact surfaces first
Most harassment becomes manageable when the attacker cannot reach you cheaply. Tighten the surfaces that create direct access.
- Restrict DMs and message requests to people you follow, friends, or approved accounts.
- Restrict tagging, mentions, and comments to trusted groups.
- Hide or archive older posts that provide targeting material. See how to hide social media posts.
- Remove public contact info from bios (email, phone) and avoid publishing real-time location patterns.
If you want a structured privacy pass across platforms, use how to manage your privacy settings for social media and reduce your digital footprint.
Rule of thumb: block and report beats arguing. Engagement is a fuel source for harassment campaigns.
Secure accounts to prevent escalation into takeover or impersonation
Harassment and account compromise often overlap. Attackers may try to hijack an account to post as you, or use your inbox to intercept reports and recovery.
- Secure your primary email account first and enable 2FA.
- Review mailbox rules (forwarding, delegates) and recent sign-ins.
- Change passwords from a clean device and sign out of unknown sessions.
- Remove connected apps and third-party access you do not need.
If you see signs of compromise, use how to check if you have been hacked. If prompts persist after resets, check device integrity: how to detect spyware.
Impersonation: treat it as a parallel incident
Impersonation keeps harassment alive because it creates new accounts that can reach your contacts. The evidence workflow is the same, but your reports should be specific.
- Collect direct URLs for the impersonating profile and the posts that prove the impersonation.
- Report under impersonation, identity misuse, or fraud categories, not generic harassment.
- Ask close contacts to report the impersonation as well. Independent reports often change response speed.
Doxxing and exposure risk
If the harassment involves your address, workplace, family, or private images, treat it as an exposure-control incident. The goal is to reduce how easily attackers can connect online identities to real-world locations.
- Remove public identifiers that link accounts together (same username, same profile photo, public email).
- Lock down account recovery channels so attackers cannot obtain more material.
- If images are involved, work source removal first, then reduce search visibility. See how to remove images from Google Search.
Reporting and escalation
Platform reporting works better when you are consistent and specific: direct URLs, clear category selection, and a stable evidence packet. Escalate beyond platform tools when the situation becomes a safety incident.
- If you are in the US and the harassment involves extortion, hacking, or financial fraud, you can report to FBI IC3.
- If minors are involved or you suspect CSAM, do not investigate yourself. Use the National Center for Missing and Exploited Children CyberTipline immediately.
- If you need immediate emotional support in the US, the 988 Lifeline is available.
Stabilize the next week
Once the volume drops, avoid the common relapse: reopening contact surfaces because things feel quiet. Keep the controls in place long enough that the attacker loses interest and loses access.
- Re-check privacy settings weekly for a short period. Defaults and feature rollouts change.
- Review sign-in alerts and sessions for key accounts.
- Keep your evidence timeline updated and private.
The stable endpoint is a quieter environment where the harasser cannot easily reach you, cannot easily impersonate you, and cannot easily gain access to your accounts. That outcome comes from evidence discipline and consistent boundaries, not from winning arguments or perfect moderation. Once contact surfaces are constrained and the control plane is secure, you can choose what to keep public on your terms.