This article explains how to preserve evidence, cut off access, and report cyberstalking before the risk gets worse.
What this article is about
If someone keeps messaging, monitoring, threatening, impersonating, or tracking you online, treat it as a pattern, not a weird one-off. Current guidance across Australia, New Zealand, the UK, and U.S. victim-safety resources points in the same direction: cyberstalking is repeated, unwanted behavior that can escalate offline, so the smart move is not to “keep them talking” for extra screenshots. The smart move is to preserve what already exists, reduce their access, and report sooner when the risk starts climbing.
Stop following bad advice
Police.uk puts it bluntly: “Anything you’ve got … can be useful to us, but don’t delay reporting to get it.” Suzy Lamplugh Trust goes further and warns victims not to take action solely to collect evidence because that can be dangerous. That kills the myth that you should drag the abuse out just to build a bigger folder.
Trying to bait a stalker into saying more can hand them exactly what they want: more time, more access, and more chances to escalate. eSafety says cyberstalking is dangerous and says not to wait to report it. Netsafe says to contact Netsafe or police before deleting content or blocking the abuser if that material may matter as evidence.
Save what exists first
You do not need a forensic lab. You need a clean, usable record. Current guidance recommends saving the full thread, the sender profile, the full URL, screenshots, dates, times, emails, and relevant email headers where applicable. Keep one incident log instead of scattering screenshots across your phone.
Use this evidence checklist:
- Screenshot the content and the sender profile.
- Copy the full URL, not just the site name.
- Save emails and, where relevant, the email headers too.
- Record the date, time, platform, account name, and what happened.
- Keep one running log and add report numbers or officer names once you report.
That is how you show a pattern instead of dumping a random pile of alarming images on a police officer, platform reviewer, or support worker.
Document the pattern, not the drama
Stalking cases often turn on repetition. Police.uk says two or more incidents can be reported, and Suzy Lamplugh Trust says an incident log helps demonstrate a course of conduct. That means boring, factual notes are better than dramatic summaries.
Your log should include the date, time, platform, account used, what happened, whether anyone witnessed it, and what you saved. Netsafe also recommends recording how the abuse affected you, because that can matter for support and legal purposes.
Cut contact after you have enough
Once the existing evidence is saved, the goal changes. You are no longer trying to “win” the conversation. You are trying to stop the stalker learning more about you. eSafety says to stop further contact, then use in-app tools to ignore, hide, mute, or block after collecting evidence, and to tighten privacy settings so the person has fewer ways to reach you.
Netsafe’s guidance points the same way: preserve the evidence first, then use blocking or reporting tools with a clearer head and a cleaner record. Evidence capture is a first step, not a reason to keep the abuse alive for another week.
Use the right move for the right scenario
| Situation | Best first move |
|---|---|
| Repeated unwanted messages, fake accounts, or cross-platform harassment | Save the thread, profile, URLs, and log entries; use platform reporting tools; then restrict or block after evidence is preserved. |
| Direct threats, doxxing, or the stalker showing up offline | Save what you already have and report to police or emergency services immediately. |
| Intimate-image threats or sextortion | Stop contact, do not pay, preserve evidence, and report straight away. |
| Signs of tracking, spyware, or account compromise | Use a safer device, save alerts and screenshots, and get specialist help or law-enforcement support. |
That decision tree reflects current guidance from eSafety, Netsafe, Police.uk, Apple, Android, and victim-safety specialists.
Shut the data leaks
Stalkers win when they can keep learning things about you. Review who can see your posts, who can contact you, whether your location is being shared, and which apps or devices still have access to your accounts. On iPhone, Apple’s Safety Check lets you review sharing, stop it quickly, review devices connected to your Apple Account, and update account security. On Google accounts, you can review recent security events for unfamiliar locations or devices and secure the account if something looks wrong.
If you use Android, Google’s unknown tracker alerts can show where a tracker has been detected with you, let you play a sound, and let you save screenshots of the alert, map, serial number, or owner information. Apple’s unwanted-tracking alerts do the same basic job for AirTags and other compatible Find My devices, including showing a map and helping you disable the item.
If they know too much, assume surveillance is possible
If the stalker seems to know where you are, who you spoke to, or what happened on a device they should not be able to see, think bigger than social media. eSafety lists location tracking, spyware, account access, and smart-device manipulation as cyberstalking behaviors. Safety Net Project warns that anything you do on a monitored device may be visible to the abuser and says to use a device they are not monitoring.
This is where people make reckless moves. Do not start searching for spyware or changing critical settings on a device you think may be compromised. Safety Net Project notes that some survivors use a safer device for help while keeping the monitored device unchanged for evidence or safety planning.
Know when evidence stops being the priority
Evidence first does not mean evidence forever. Report now if there are direct threats, location tracking, doxxing, offline appearances, blackmail, intimate-image threats, child exploitation, or any sign the abuse is accelerating. eSafety says not to wait to report cyberstalking, and its image-based abuse guidance says to stop contact and report rather than give the person more money, more images, or more access.
For Australians using eSafety for adult cyber abuse, the harmful content usually must first be reported to the platform, and eSafety says that is often the fastest removal route. That is useful process advice, but it does not override emergency reporting to police when someone’s safety is at risk.
Get specialist help, not just platform buttons
A platform report is not a safety plan. SPARC says that even when stalking is not connected to domestic violence, domestic violence or sexual assault service providers are often the right people to contact about stalking. That matters because stalking is a pattern-and-risk problem, not just a content-moderation problem.
Fast response checklist
- Unsafe right now? Call local emergency services or police now.
- Evidence saved? Screenshot, copy URLs, save messages, emails, and account details.
- Pattern logged? Put every incident into one running record.
- Exposure reduced? Tighten privacy and location settings, then restrict or block after evidence is preserved.
- Device risk? Use a safer device and check account activity or tracker alerts.
- Report made? Use the platform, police, and specialist support routes that fit the threat level.
Conclusion
Shutting down an online stalker is not about being cleverer in the chat. It is about being more disciplined off-screen. Preserve the proof that already exists. Record the pattern. Cut the access points. Use a safer device if surveillance is possible. Then report before the risk grows bigger than the evidence file. That is the strategy most consistent with current guidance from online-safety authorities, police, and victim-safety specialists around the world.