Cyberstalking Action Plan

In many cyberstalking and domestic abuse cases there is a known individual - like an ex partner - who is using the internet to communicate and keep track of you. Often this ex-partner knows information about you that they shouldn’t and you are not sure how. You are also likely incredibly keen to ensure you regain your privacy and confidence of being online.

The vast majority of individuals suffering cyberstalking or domestic abuse who we work with have completely lost confidence in their devices (such as phones, laptops, home wifi router and computers) and their online accounts (especially social media, messaging apps and email). They have often bought multiple new phones in the hope that these new phones will be secure and unknown to their ex-partner. Some are visiting their local library to access the internet to avoid using their devices. Many assume that everything odd that happens - like a wrong number, a pop up on their device, a change in device settings - is part of the stalking until it is proven otherwise. It is also common that they haven’t been believed in the past and are starting to worry that they are going slightly mad - or are never going to escape the stalker.

This guide aims to arm with you with the knowledge to regain your security, privacy and online confidence. In our experience these cases take time and it is important to move at your own pace. The following advice is closely aligned to the approach our volunteers take with cyberstalking and domestic abuse cases. If you would like to speak to one of our volunteers please use the chatbot here to describe your issue and ask to be connected with a volunteer when prompted (note this might be after it has linked you to one of our web guides).

First thing is to make sure you are safe. If you feel in any immediate danger you should call 999. If you are worried about your mental health use this NHS guide to take the right course of action.

Step one: Get expert stalking help

Stopping the individual from being able to follow you online or contact you is part of the process, but it is unlikely to be the whole solution. We strongly advise that you work with a specialist organisation to get the right expert support for your issue and get a safety plan in place.

Find the right expertise to help you

If you are being stalked then working with a stalking charity will help you understand the level of risk in your situation, provide the key resources and options you have in front of you and provide emotional support. The same goes for domestic abuse. The cases we work on that have a specialist organisation working hand in hand with our cyber security advice tend to have much better outcomes. You will find links to organisations that may be able to help you in our Useful Links section.

One other benefit of working with a specialist charity is that they will have lots of experience in helping you work with the police - we do recommend that the police are involved in these cases. There is still a long way to go for police forces to fully understand stalking and domestic abuse cases and a specialist organisation can really help this process. It also helps to understand the law in this areas - even at a high level. For example this legal guidance on Stalking & Harassment from the Crown Prosecution Service will give you a feel.

Finally, they will also explore offline options to deal with the stalking such as the legal tools at your disposal and ensure there is a plan in place to keep you safe.

Start a case with us

The Cyber Helpline team has a lot of experience of providing the cyber security elements of these cases and often work hand in hand with other specialist organisations. If you are already engaged with another charity they can refer your case here. Alternatively, you can start a case with us now and we can always bring in another organisation if you are happy for us to do so.

Step one to do list

  1. Make sure you are physically and emotionally safe

  2. Contact a specialist charity

  3. Report the issue to the police

Step two: Understand the stalker’s motivation, approach to date and technical capability

You don’t always know who the individual is in cyberstalking and online harassment cases. If you don’t know who the stalker is then this step will be less relevant to you, but it is still worth reviewing and completing what you can. It is important to note that the following steps are still 100% applicable to you even if you don’t know the identity of the stalker - so keep reading.

For the purpose of this step we are going to assume that the threat is coming from an ex-partner or at least someone you know. The key focus of this step is understanding their capability, level of motivation and resources. What we are really trying to do here is understand the history of the case and what action they may be able to take in future. Things to think about:

The Stalkers Identity

In the vast majority of stalking cases the stalker is someone the victim knows. This might be an ex-partner, a work colleague or a rejected partner. The stalking activity might be carried out in a current or past relationship - often where there is or was some form of domestic abuse. However, with cyberstalking it can be easier for the stalker to hide their identity.

The first question to ask is are you 100% sure you know who your cyber stalker is? What evidence do you have that the cyber stalker is the individual you think it is? Make a list of all of this evidence and make a note of all future interactions to gain a record of the stalking and an evidence base for the police.

If you have no idea who the cyberstalker is then it may be possible - with the help of the police - to find clues to their identity over the course of the stalking. When the stalker opens - or uses - an account on a service like Gmail, Facebook or Instagram the provider will log some data like IP address (the online location of the device being used) and this may provide insight into where the individual is and help you narrow down options. It is relatively straightforward to hide your IP address and other information online through so this isn’t always possible.

The Stalkers Approach

What has the stalker done to date? What accounts, website and apps has the stalker used to contact you? Has there been a physical element to the stalking like turning up at your workplace or home? List out all fo the forms of communication and where you suspect the stalker is getting information about you. This will be useful in coming up with a plan on how to both lock them out of your environment, but also for considering what channels you might leave open so that you can have some control over the engagement.

IT capability

Does the individual work in IT? Are they really good with computers? If yes, then they may be able to carry out more advanced action like using spyware or hacking your devices. If no, then they are unlikely to be able to do these things without expert help.

Access

How much physical access had the individual has to your current devices and accounts? Did they help you set up the devices? Did they set up your online accounts? Are you on a shared mobile phone contract? If the answer is yes to any of these questions then it is likely that they have been able to keep a good level of access to what you do online. For example if the individual set up your iCloud account they would be able to see photos, messages, emails and location information. Any account they have helped set up or had some access to needs extra attention in later steps.

Resources

Do they have their own computer and mobile phone? Do they have a lot of time and money? Anything advanced in cyber security takes a lot of time and money. If they have low resources then it is more likely to be standard activity like guessed passwords, access to online accounts etc. If they have a lot of resource available then more advanced cyber tools like spyware and other malware should be considered.

Motivation

Understanding the motivation of your stalker or abuser is an important step. If you have enlisted a specialist charity they will help you through understanding this. Stalking Risk Profile has a good overview of different types of stalker on their website here - these include the Rejected Stalker, the Resentful Stalker, the Intimacy Seeking Stalker, the Incompetent Suitor and the Predatory Stalker. Each types carries is own level of risk and standard types of stalking behaviours and should be used to guide the following steps.

Stalking Risk indicators

There is a common model used to understand the risk in stalking and domestic abuse cases called the DASH risk assessment. If you answer yes to any of the initial 12 questions then it is important you seek expert help as soon as possible. The 12 initial questions are:

  1. Are you very frightened?

  2. Is there previous domestic abuse or stalking/harassment history?

  3. Have they vandalised or destroyed your property?

  4. Have they turned up unannounced more than three times a week?

  5. Have they followed or loitered near your home or workplace?

  6. Have they made threats of a physical or sexual violence nature?

  7. Have they harassed or stalked any third party since the harassment began?

  8. Have they acted violently towards anyone else during the stalking incident?

  9. Have they engaged other people to help with their activities?

  10. Has the stalker had problems in the past year with drugs, alcohol or mental health?

  11. Is the stalker suicidal? Is there last resort thinking/finality?

  12. Have they ever been in trouble with the police or do they have a criminal history?

It is is important to remember that step two is a step that often takes expert support to work through. Using the expertise and experience of experts is the best way to get a clear understanding of the situation you are in. Contact us if you need help here or get in touch with an expert stalking / domestic abuse charity.

Step two to do list

  1. Assess your stalkers capability

  2. Answer the 12 DASH questions

  3. Seek expert support to get a clear view of your level of risk

Step three: Understand your online footprint

Now it is time to turn the attention back to yourself. The next step is getting a full understanding of your online footprint. This is the sum of the internet connected devices you have, what you do online and what data exists about you on the internet. If you can get a good feel of this then you will be able to understand what the cyber stalker can see about you, what information they have and how they might communicate or monitor you. This guide from The Centre for Protection of National Infrastructure (CPNI) is a really good overview of what this footprint is and how you can get an idea for yours.

Devices & Accounts

At The Cyber Helpline we have built an online form to gather information about your online footprint and we then work with you to fill in the gaps. Key areas to include are listed below. If you need to jog your memory for the accounts you use places like your browser history and the apps list in your settings are a great place to start. Make sure you note the make, model and operating system (e.g. Windows 10, MacOS High Sierra, Android 9.0 Pie etc) running on each device. Also note where the stalker has had physical access or has been involved in the account set up.

Devices - smartphones, tablets, laptops, desktops, wearable technology (like Fitbit or Apple Watch), games consoles and WiFi router.

Smart home technology - smart speakers (Amazon Alexa, Google Dot etc), internet connected CCTV, smart doorbells, Smart TV, internet connected appliances, online thermostats.

Social media & communication - email, social media and chat accounts.

Money - online banking accounts, online pension access, savings apps, investment apps.

Entertainment - online accounts for dating, gambling, gaming and shopping.

Basically if it is a device that connects to the internet or is an account or service you use online then you need to note it down.

Researching yourself online

Once this is done, we need to start exploring what general information is on the internet about you. This is where you enter same basic details about yourself - like name - into search engines and see what is out there. See page 20 of the CPNI guide listed above - to get a full list of things to search for and where to search. Whatever you find is information that the cyberstalker will know about you. You need to think through the repercussions of this and start shaping your online footprint.

It is important to remember that if the cyber stalker is an ex partner, or someone who knows you well, then they are going to have a lot of knowledge about you that isn’t online. For example they may know what you do online, what devices you use, who you are connected to online and what type of passwords you use. This should also be taken in to consideration when securing your online environment in later steps.

Stage three to do list

  1. Make a list of all of the devices you use to connect to the internet

  2. Make a list of all of the things you do online and the accounts you have

  3. Search for information out there on the internet about you and try and minimise this as much as possible

Step four: Secure your core environment

At this stage our homework is done and it is time to start reclaiming your security and privacy online. The focus of this step is to select a small section of your online footprint and work to secure it as best as possible. Once you are confident this small section of your footprint is secure we will eventually work through the rest.

Select a core section of your online footprint

Using the online footprint you worked on is the previous step, you should now selected the key parts you can’t live without. This is the absolute core of your online footprint that is key to your day to day life. For most of our cases this includes the home wifi network, a smartphone, a laptop or desktop, an email account, an online banking account and a messaging app. Securing this type of environment allows you to access the internet at home, be confident in a few key devices and stay connected to others. Your core online footprint may be different, which is absolutely fine, but the focus is on as small an environment as possible. Just pick the absolute core.

As stated above, it is likely that you find yourself with a number of different devices in your quest for privacy. There are a number of ways you can choose which device to focus on such as a) select those with a better reputation for security - for example Apple devices are considered more secure than Windows or Android devices or b) select the device you started with - many of our users had an iPhone or a Samsung phone that they turned off and then bought cheaper, disposable phones at a later date or c) simply select the device you feel more comfortable with or trust the most.

One extra thing to consider here is home technology. If you lived with the individual or they had physical access to your house then you may want to focus on any home smart technology that may enable surveillance. For example if you have an internet connected home security system - that has cameras and microphones - then you are likely to want to include this in your core environment due to the risk it presents.

Work to secure this core environment

At The Cyber Helpline we believe that a good level of cyber security can be reached with minimal expenditure, if any. Unless you have a cyber stalker who you know has a high level of IT capability and resources (see step two) then enabling free security functionality and having good security behaviors should be enough.

Let’s work through an example. Above we listed a typical core environment. Let’s assume that a more detailed version of this is:

  • Home WiFi network = A Sky router as part of a wider package.

  • Smartphone = An iPhone 6s.

  • Laptop = A MacBook Pro

  • Email = A Gmail account

  • Bank account = Santander

  • Messaging app = WhatsApp

  • Home security = Canary Pro

You can see a worked example of the written advice we would give to secure the above core environment here. This advice would typically be provided after the case history is taken, the user has filled in our Online Footprint form and a core environment has been selected. Once this advice has been provided over email our Helpline Responders would provide telephone and email support to the user to help them through the process.

Now you can Google pretty much any device or account and find a guide for how to secure them. We recommend that you have a search online for security advice - start of with the providers themselves - and then start working through the advice. There are also security resources like Get Safe Online and the National Cyber Security Centre’s site which are useful. If you have a case with us we will provide some specific advice for each aspect. We also have a number of web guides that might help.

Learn about good security behaviours

Good security isn’t just about how secure your internet connection, devices and online accounts are. It is also about what you do online and how you react to certain situations. Reading some articles on how to keep yourself secure can go a long way in keeping you secure. Booking some time regularly to think about your security is also a very good idea while you are being stalked and beyond. The Get Safe Online and National Cyber Security Centre’s site are good sources of information, but here are some general tips and things to think about:

  1. Be suspicious and trust your gut.

  2. Use good passwords and change them regularly.

  3. Enable two-factor authentication on all sites and devices where it is offered.

  4. Always review the security settings of new accounts and devices and enable functionality.

  5. Make sure you update software on all devices you own as soon as an update is available.

  6. Be careful about where you access the Internet. Use your mobile data unless you trust the wireless connection is secure.

  7. Don’t click on links or attachments in emails. Criminals sending you emails is the most likely way for you to be targeted.

  8. Install and use antivirus on your devices.

  9. Don’t let people have physical access to your devices.

  10. Be careful about what you share and who you connect with online.

  11. Back up your data regularly and keep this backup secure.

Step four to do list

  1. Select your core online footprint

  2. Work to secure this core environment

  3. Learn how best to keep this environment secure and protect your privacy

Step five: Secure your wider environment

Now we are confident that you have a good level of security on your core environment, and you have learnt the basics of keeping it secure, we can move on to your wider environment.

Remove what you don’t use or need

Before we do though we need to try and reduce it is much as possible. Go back to step three and look at what is left outside of your core environment. If there is anything you don’t use anymore, or would rather not use as a result of the stalking, now is the time to close the accounts. It is important to close these accounts properly and not leave them dormant - or deactivated - in case they are hacked and used at a later date. Remember that there is a difference between deactivating an account and deleting an account. With deactivation your account is taken offline, but still exists and you can log in and reactivate it. With deletion the account is permanently deleted.

Sites like AccountKiller can be useful in understanding how to delete online accounts, but often the providers website is the best source of information. For example here is Facebook’s guide on how to permanently delete a Facebook profile. If in doubt get in touch with the provider and get them to talk you through the best way to delete your account and data.

Secure the rest of your online footprint

With the rest of your online footprint selected, it is time to methodically work through each aspect putting security in place. Again you can use the providers websites, online guides from reputable sources or start a case with us and get tailored advice.

One thing it is important to consider here is leaving a channel of communication open to the stalker. In step two we noted the stalkers approach to date - the good thing about this is that we understand it and can work around it. If you completely block the stalker from his/her usual channels then their behaviour may change and therefore be unpredictable. For example in extreme cases this could force a physical form of stalking. Work with your expert charity - or us - to consider what you should leave open and how you can minimise the impact on you. Is the stalker is sending emails to a specific email account you could filter these emails into a folder or abandon that email account, but keep it open to review messages every so often.

Step five to do list:

  1. Review the rest of your online footprint

  2. Decide what you no longer need and close down accounts or wipe and get rid of devices

  3. Work to secure what is rest of your online footprint

Step six: Monitor, log and course correct

You have worked hard to secure your environment, but the job isn’t finished. Maintaining security takes ongoing action and there is little doubt that the stalker will continue to communicate with you and try to invade your online security and privacy. As incidents happen it is important to keep a log of them noting key information like accounts used, devices, time, date, usernames etc. You should also screenshot the issues as much as possible and keep a copy.

In our experience there are three categories of online incidents:

  • Priority one: Evidence that your secure environment has been breached - this is where you know that the stalker has managed to hack into your environment. They might have got into your email or social account and send a message to you from your own account. Your antivirus may have detected some spyware or other form of malware. It may be that a piece of information has got into the hands of the stalker that was only on a device or in an online account. Priority one events should be immediately tackled by resecuring the affected devices/accounts and then reported to the police.

  • Priority two: Direct contact from the outside to your secure environment - priority two events are where the stalker has managed to open a new line of communication with you. Maybe they have opened a new email account or social media account and used this to send you messages. Or maybe they have managed to hack one of your friends and family’s accounts and used that. In these cases you should note the details of the new accounts, report them to the police and the service providers and then block them from being able to send you messages.

  • Priority three: Security alerts from failed activity - now you have improved security in place you are more likely to be alerted to suspicious activity on your accounts. For example you might receive a two-factor authentication code you didn’t request (meaning someone is trying to log into one of your accounts); get a notification that someone has tried to connect a new device to your account or see in your security settings a list of failed logons to your account. These you only need to log, note down the details and pass onto the police if you have a live case.

During the stalking you are likely to have a heightened sense of awareness about online activity. Anything that happens you don’t understand - like a pop-up, change in settings or glitch - you are likely to consider as part of the stalkers activity. Work to understand the issue - get expert help if needed - and work to put it into one of the categories above.

Step seven: Don’t lose heart

It can be a long road dealing with a cyberstalker - both in terms of the emotional rollercoaster and the practical side of dealing with the stalking. While you are online there is always going to be a way for the individual to contact you - maybe through a fake account or by going through your friends and families accounts. The trick is to keep going and not lose faith in the process. Keep identifying new issues with your online footprint and keep resecuring it.

As time goes on you will get more and more confident being online and in your core environment. The cyberstalker will appear around the edges, but not be able to penetrate your online privacy. Knowing where and how the stalker is likely to appear online also provides you with more control in how you engage.

The cyber security part is often the easy bit. Dealing with the emotional challenge of being stalked and the risk and disruption that brings to your life can be incredibly difficult. Make sure you are getting the emotional support and seek expert support for your mental health if you need it.

Step seven to do list:

  1. Don’t lose heart - these cases take time, but you will see improvement if you stick with it.

  2. Make sure you have the right support around you - be that friends and family or mental health professionals. Use our Useful Links page to find some organisations that might be able to help.

Step eight: Donate, we need your support to protect people from cyberstalkers

To help people like you we rely 100% on donations from people like you.

Without donations we cannot keep our service free and provide help to the most vulnerable victims of cyber crime when they need it most.

As a not-for-profit organisation, 100% of your donation goes towards keeping The Cyber Helpline up and running - so 100% goes towards helping people like you. 

Donate now and help us support victims of cyber crime.

Step eight to do list:

  1. If you found this guide helpful please donate to allow us to help more people like you.