FalseOS
Expose the lies. Report the abuse.
General legal information
Not legal advice
Online harassment reporting guide

Reporting online harassment in South Africa

Step-by-step, source-backed guidance: where to file, the exact offences to name, and how to escalate until your case is assigned.

URGENTIn immediate danger? Call 10111 now.

10111 (SAPS national emergency / Flying Squad). From a mobile phone you can also dial 112, which routes to the national emergency call centre.

Most people here are not in an active emergency. To start an official record, use the non-emergency steps below.

STEP 1

Start the paper trail

File a non-emergency report, and do the single most important thing: get your report / reference / occurrence number. That number is the key that unlocks platforms, prosecutors, employers and protective orders.

In person at any SAPS police station (Community Service Centre) - the primary way to open an official case and get a CAS reference

At the Community Service Centre a police official takes your sworn statement, opens a case docket, and registers the case on the CAS system. You are given a CAS number (the case reference) by SMS or telephonically - keep it for all future enquiries about the case. The docket is the main source document recording the offence(s) and is assigned to a detective for investigation. Bring all evidence: screenshots, message logs, URLs, dates/times, phone numbers, email headers, and any identifying info on the harasser.

Go to your nearest police station, 24/7. Give a statement under oath; the official registers it on the SAPS Crime Administration System (CAS).Official source · saps.gov.za ↗
MySAPS mobile app (official SAPS app, Android & iOS)

Lets you submit crime tip-offs/information and find your nearest station. Treat it as a supplement; to obtain a CAS docket and reference number for an investigation you still generally need to give a sworn statement at a station.

Free 'MySAPS' app on Google Play / Apple App StoreOfficial source · saps.gov.za ↗
SAPS Crime Stop (anonymous tip-off line)

Toll/share-call line to report criminal activity anonymously. Use for tips; it does not by itself open a docket in your name or generate a CAS reference - go to a station for that.

08600 10111Official source · saps.gov.za ↗
STEP 2

File with the national cybercrime body

File here in addition to, not instead of, your local police report.

South African Police Service (SAPS) - local station and detective branch

First port of call for any cybercrime/online harassment complaint. The station opens the CAS docket; the detective investigates and, for malicious-communications offences, can apply the Cybercrimes Act investigative tools. SAPS Head Office switchboard: +27 (0)12 393 1000.

saps.gov.za →10111 (emergency) / +27 12 393 1000 (head office)
Directorate for Priority Crime Investigation (DPCI / 'the Hawks')

SAPS specialised unit for serious, organised, commercial and priority crime (including serious cyber-enabled fraud/extortion). Escalate here when a matter is high-value, organised, or a station is not progressing it. National Head Office, Silverton, Pretoria.

saps.gov.za →
Information Regulator (South Africa) - POPIA

Regulator for unlawful processing/disclosure of personal information (relevant to doxxing). Lodge a POPIA complaint via the eServices portal. Enquiries 010 023 5200; Toll-free 0800 017 160; enquiries@inforegulator.org.za. eServices complaint portal: https://eservices.inforegulator.org.za/

inforegulator.org.za →010 023 5200 / 0800 017 160
INTERPOL National Central Bureau (NCB) Pretoria

SAPS unit (sits within SAPS) that is the channel for transnational police cooperation - the route by which a foreign victim's police force triggers SAPS action against a South Africa-based perpetrator. Reached police-to-police, not directly by the public.

interpol.int →
What to report it as

The offences in South Africa

Use the right words. Lead with threats, stalking and doxxing, not “someone is being mean.” Tap any offence for the full elements and the official source.

Criminal harassment / stalkingProtection from Harassment Act 17 of 2011Max penalty: Breach of a protection order (s.18(1)(a)): fine or imprisonment not exceeding 5 years. ECSP failing to furnish information under s.4 (s.18(4)): fine not exceeding R10,000 (provider) / fine or imprisonment not exceeding 6 months (employee).

What it covers. Civil protection-order regime against harassment (including electronic/online conduct, watching/following/pursuing, and unwanted communication); breaching a protection order is a crime. This Act is fully in force and is the correct live route to unmask an anonymous harasser (s.4).

Section. s.1 (definition of 'harassment'); s.2-3 (application for protection order); s.4 (direct an ECSP to furnish the harasser's name, identity number and address); s.10 (final protection order); s.18(1)(a) (offence of breaching order) · Hybrid: the harassment remedy itself is a civil protection order (obtainable fast at a magistrate's court, no lawyer required); the CRIMINAL offence arises on breach of the order. There is no standalone statutory crime of 'stalking' - stalking conduct is captured via this Act and/or crimen injuria.

Key elements. 'Harassment' = directly/indirectly engaging in conduct the respondent knows or ought to know causes harm, or inspires a reasonable belief of harm, to the complainant or a related person, by unreasonably following/watching/pursuing/accosting, or by verbal/electronic/other communication, or sending/delivering objects, etc. Court issues an interim then final order. s.4 lets the magistrate direct an electronic communications service provider to furnish the respondent's name, surname, identity number and address to establish identity/address. Intent for the breach offence: contravening any prohibition/condition/order under s.10.

Official source · justice.gov.za ↗
Criminal threats / death threats (electronic)Cybercrimes Act 19 of 2020Max penalty: Fine or imprisonment not exceeding 3 years, or both (s.19(7)).

What it covers. Criminalises unlawfully and intentionally sending, via an electronic communications service, a data message that threatens a person (or related person/group) with violence or damage to property, judged by a reasonable-person test. In force since 1 December 2021.

Section. s.15 (data message that threatens persons with damage to property or violence); penalty s.19(7) · Criminal (statutory). In operation since 1 December 2021 (Proclamation 42, GG 45562).

Key elements. By means of an electronic communications service, unlawfully and intentionally 'discloses' a data message that threatens a person/related person/group with (i) damage to property or (ii) violence; AND a reasonable person with the same information would perceive it as such a threat. 'Disclose' is broadly defined (send, store online, or share a link). 'Violence' = bodily harm.

Official source · gov.za ↗
Criminal threats - incitement to violence/damage (electronic)Cybercrimes Act 19 of 2020Max penalty: Fine or imprisonment not exceeding 3 years, or both (s.19(7)).

What it covers. Criminalises disclosing, via an electronic communications service, a data message intended to INCITE damage to property of, or violence against, a person or group. In force since 1 December 2021.

Section. s.14 (data message which incites damage to property or violence); penalty s.19(7) · Criminal (statutory). In operation since 1 December 2021 (Proclamation 42, GG 45562).

Key elements. Discloses by electronic communications service a data message to a person/group/general public with the intention to incite (a) damage to property belonging to, or (b) violence against, a person or group of persons.

Official source · gov.za ↗
Criminal threats / intimidation (general, non-electronic)Intimidation Act 72 of 1982Max penalty: A fine of up to R20,000 and/or imprisonment of up to 10 years under the Intimidation Act, noting that the relevant part of s.1 was affected by recent constitutional challenge; confirm the current maximum against the Act.

What it covers. Criminalises, without lawful reason, assaulting/injuring or causing damage (or threatening to do so) to a person or their property to compel or induce them to do or abstain from doing something, or to surrender an advantage. Apartheid-era statute, partly invalidated.

Section. s.1(1)(a) (surviving offence); s.1(1)(b) and s.1(2) struck down · Criminal (statutory) - but heavily cut down. In Moyo & Sonti v Minister of Police [2019] ZACC 40 the Constitutional Court declared s.1(1)(b) and s.1(2) unconstitutional and invalid; only s.1(1)(a) survives.

Key elements. s.1(1)(a): without lawful reason and with intent to compel/induce a person to do/abstain from an act or to assume/abandon a standpoint, assaults, injures or causes damage to, OR threatens to assault/injure/cause damage to, a person or property.

Official source · saflii.org ↗
Crimen injuria (impairment of dignity) - covers serious insults, racial abuse, sexual harassment, and some online dignity violationsSouth African common law (crimen injuria)Max penalty: No fixed statutory maximum; sentence is in the convicting court's discretion within its penal jurisdiction (fines and/or imprisonment have been imposed, including custodial sentences in egregious racial-abuse cases). Penalty is case-by-case.

What it covers. Unlawfully, intentionally and seriously impairing the dignity (dignitas) or privacy of another person. Routinely used for serious verbal/online abuse, racist slurs, and sexual or degrading messages. Still in force in 2026 and actively prosecuted (e.g. a custodial sentence in the Momberg racial-abuse matter). Distinct from the now-repealed crime of defamation.

Section. Common-law crime (no statutory section number) · Criminal (common law) - still in force in 2026. Distinct from criminal defamation, which has been repealed (see the defamation entry).

Key elements. Unlawfulness (no justification such as fair comment/consent); animus iniuriandi (intent to impair dignity); and serious impairment of the victim's dignity or privacy, assessed with regard to the victim's reasonable perception. Open a case at a SAPS station like any other crime.

Official source · saps.gov.za ↗
Defamation / libel (CRIMINAL) - status clarificationJudicial Matters Amendment Act, 2023 (assented to / signed into law 3 April 2024)Max penalty: Not applicable - criminal defamation has been abolished. Civil defamation yields damages/interdicts, not a criminal penalty.

What it covers. South Africa has REPEALED the common-law CRIME of defamation. The Judicial Matters Amendment Act, 2023 (signed by President Ramaphosa on 3 April 2024) repealed the common law relating to the crime of defamation. The Presidency's official statement confirms that crimen injuria and CIVIL remedies for defamation continue to apply.

Section. Provision repealing the common-law crime of defamation · Criminal defamation: NO LONGER a crime (repealed 2024). Civil defamation: still available as a civil claim (damages, interdict, apology). Crimen injuria: still a crime (see separate entry).

Key elements. For a victim of online libel: pursue (a) a CIVIL defamation claim (damages/interdict/retraction) via the High/Magistrate's court; and/or (b) crimen injuria criminally if dignity is seriously impaired; and/or (c) a Protection from Harassment Act order. Criminal defamation as such can no longer be charged.

Official source · gov.za ↗
Cyber extortion / extortionCybercrimes Act 19 of 2020Max penalty: No fixed maximum stated; under s.19(4) the convicting court may impose a sentence under s.276 of the Criminal Procedure Act, 1977 within its penal jurisdiction (where another law does not prescribe a penalty). Aggravated forms (s.11) carry up to 15 years under s.19(3).

What it covers. Criminalises unlawfully and intentionally committing or threatening to commit a core cyber offence (unlawful access/interference under ss.3(1), 5(1), 6(1) or 7(1)(a)/(d)) to obtain an advantage or to compel a person to act or abstain. In force since 1 December 2021.

Section. s.10 (cyber extortion); sentencing via s.19(4) · Criminal (statutory). In operation since 1 December 2021. Common-law extortion also remains available for non-cyber threats to extort.

Key elements. Unlawfully and intentionally commits OR threatens to commit an offence under s.3(1)/5(1)/6(1)/7(1)(a) or (d), for the purpose of (a) obtaining any advantage from another, or (b) compelling another to perform or abstain from an act.

Official source · gov.za ↗
Identity theft / fraud / forgery / impersonation (cyber)Cybercrimes Act 19 of 2020Max penalty: No fixed maximum stated for ss.8 and 9; under s.19(4) the court may impose an appropriate sentence under s.276 of the Criminal Procedure Act, 1977 within its penal jurisdiction. Where the conduct also amounts to an offence carrying a set penalty, that penalty applies.

What it covers. Cyber fraud: unlawful misrepresentation by means of data/a computer program causing actual or potential prejudice. Cyber forgery/uttering: making or passing off false data/false computer program to another's prejudice. These cover online impersonation, fake accounts/profiles, and account/identity misuse to defraud. In force since 1 December 2021.

Section. s.8 (cyber fraud); s.9(1) (cyber forgery) and s.9(2) (cyber uttering); sentencing via s.19(4) · Criminal (statutory). In operation since 1 December 2021. Common-law fraud and theft also remain (s.12 confirms theft includes theft of incorporeal property).

Key elements. Cyber fraud (s.8): unlawfully + intent to defraud + misrepresentation by data/computer program (or by interference under ss.5/6) + actual/potential prejudice. Cyber forgery (s.9(1)): unlawfully + intent to defraud + makes false data/false computer program to actual/potential prejudice. Cyber uttering (s.9(2)): passing off such false data/program.

Official source · gov.za ↗
Non-consensual intimate images (revenge porn) - frequently part of harassment campaignsCybercrimes Act 19 of 2020Max penalty: Fine or imprisonment not exceeding 3 years, or both (s.19(7)).

What it covers. Criminalises unlawfully and intentionally disclosing, via an electronic communications service, a data message of an intimate image of a person without their consent (covers real or simulated images and identifiable/described victims). In force since 1 December 2021.

Section. s.16 (disclosure of data message of intimate image); penalty s.19(7) · Criminal (statutory). In operation since 1 December 2021.

Key elements. Person A unlawfully and intentionally discloses, by electronic communications service, a data message of an intimate image of B, without B's consent. B includes anyone identifiable, described, or identifiable from other information as displayed.

Official source · gov.za ↗
Doxxing (publishing private personal information)Protection of Personal Information Act 4 of 2013 (POPIA) + Protection from Harassment Act 17 of 2011 (+ crimen injuria where dignity impaired)Max penalty: POPIA administrative fines up to R10 million for the Regulator's enforcement; specific POPIA offences carry fines and/or imprisonment up to 10 years for the most serious. Penalty depends on which provision is engaged - verify the specific section before quoting a figure.

What it covers. There is NO standalone 'doxxing' crime in South African law. Remedies are layered: lodge a POPIA complaint with the Information Regulator for unlawful processing/disclosure of personal information; obtain a Protection from Harassment Act order to stop ongoing harassment (using s.4 to unmask an anonymous poster); pursue crimen injuria if dignity/privacy is seriously impaired; and use Cybercrimes Act ss.14/15 if the dox incites or threatens violence.

Section. POPIA: complaint route via the Information Regulator (not a single 'doxxing' crime). PHA: protection order (and s.4 to identify an anonymous poster). Cybercrimes Act ss.14/15 if the disclosure incites or threatens violence. · Mixed: POPIA is primarily a regulatory/civil enforcement regime (Information Regulator can investigate, issue enforcement notices, and impose administrative fines up to R10 million; certain breaches are offences). The criminal hook for the doxxing conduct itself usually runs through crimen injuria, the Cybercrimes Act (if threats/incitement), or breach of a harassment order.

Key elements. POPIA: 'any person may submit a complaint' to the Information Regulator alleging interference with the protection of personal information of a data subject; lodge via the eServices portal. PHA: show harassment via electronic communication; s.4 directs an ECSP to furnish the poster's identifying particulars. Crimen injuria: serious intentional impairment of dignity/privacy.

Official source · inforegulator.org.za ↗
Unlawful interception / unlawfully obtained or intercepted informationRegulation of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002 (RICA)Max penalty: Unlawful interception (s.49(1)): fine not exceeding R2,000,000 or imprisonment not exceeding 10 years.

What it covers. Prohibits intentional interception of communications without authorisation. Relevant where a harasser has unlawfully intercepted/obtained a victim's communications or data. s.4 also provides the one-party-consent rule for recording your own calls.

Section. s.2 (prohibition on interception); s.4 (party-to-communication exception); s.49 (penalty) · Criminal (statutory).

Key elements. s.2: intentionally intercepting (or attempting/procuring) any communication in the course of its occurrence/transmission without falling within an exception. s.4(1): a person who is a PARTY to the communication may lawfully intercept/record it (unless to commit an offence) - this is the one-party-consent rule for recording your own calls.

Official source · justice.gov.za ↗
Court order to identify an unknown online harasser AND order a platform takedownProtection from Harassment Act 17 of 2011 (s.4) - LIVE route. Cybercrimes Act 19 of 2020 (ss.20-21) - ENACTED BUT NOT YET IN FORCEMax penalty: PHA s.18(4): an ECSP failing to furnish information faces a fine up to R10,000 (provider) / fine or imprisonment up to 6 months (employee). Cybercrimes Act s.23 penalty (up to 2 years for non-compliance with a s.20 order or s.21 direction) is NOT yet operative because Part VI is not in force.

What it covers. The LIVE mechanism to unmask an anonymous harasser is the Protection from Harassment Act s.4: a magistrate may direct an electronic communications service provider to furnish the harasser's full name, ID number and address so the protection order can be served - and this works without the victim knowing who the harasser is. IMPORTANT: the Cybercrimes Act s.20 takedown order and s.21 unmasking order are NOT yet in operation. Part VI of Chapter 2 (ss.20-23) was expressly excluded from the 1 December 2021 commencement proclamation (Proc. 42, GG 45562) and has not been brought into force as of 2026. There is currently NO operative Cybercrimes Act statutory takedown order; a victim relies on the PHA s.4 route plus, for content removal, the protection-order conditions and direct platform/host reporting and takedown processes.

Section. PHA s.4 (direct an ECSP to furnish the harasser's name, identity number and address) - in force. Cybercrimes Act s.20 (protection order: prohibit disclosure / order ECSP to remove or disable access to the data message) and s.21 (direct an ECSP to furnish particulars to identify an unknown person) - Part VI of Chapter 2, NOT commenced as of 2026. · PHA s.4: court-order mechanism (magistrate's court), fully in force; non-compliance by an ECSP is an offence under s.18(4). Cybercrimes Act ss.20-23: enacted but dormant (not yet commenced).

Key elements. PHA s.4: the magistrate may direct an ECSP to furnish (by the prescribed process) the respondent's name, surname, identity number and address to establish the respondent's identity and address, where the harasser's identity is unknown. This is not limited to specific cyber-offence sections and is the correct live unmasking route. Cybercrimes Act s.20/s.21 (when eventually commenced) would add an express takedown order and a parallel unmasking direction, but they cannot be used until proclaimed in force.

Official source · beta.acts.co.za ↗
Doxxing status in South Africa

No standalone 'doxxing' crime exists in South African law. Remedies are layered: (a) lodge a POPIA complaint with the Information Regulator for unlawful disclosure/processing of personal information (eServices portal: https://eservices.inforegulator.org.za/; enquiries 010 023 5200, toll-free 0800 017 160, enquiries@inforegulator.org.za) - the Regulator can investigate, issue enforcement notices and impose administrative fines up to R10 million; (b) obtain a Protection from Harassment Act order, and use s.4 to direct an ECSP to identify an anonymous poster (this is the live unmasking route); (c) pursue crimen injuria criminally where the disclosure seriously impairs dignity/privacy; and (d) use Cybercrimes Act ss.14/15 if the doxxing incites or threatens violence (up to 3 years, s.19(7)). NOTE: the Cybercrimes Act s.20 takedown order is NOT yet in force (Part VI of Chapter 2 has not commenced as of 2026), so content removal relies on protection-order conditions plus direct platform/host takedown reporting rather than a Cybercrimes Act s.20 order.

Recording your calls

One-party consent (a party to the call may lawfully record it)

Source ↗
If the person is in another country

Report at home, and trigger action where they are

If the person is in the United States

Keep doing everything above in South Africa. At the same time, the fastest leverage often sits in the United States, where the person actually is.

Fastest lever in the United States

The fastest practical levers against a U.S.-located perpetrator are: (a) platform reporting and content removal directly to the host service (the U.S. has no general government takedown order against a private individual's speech, and platforms have Section 230 immunity for user posts, so the platform's own abuse/terms process is the front-line removal tool); and (b) a state civil or criminal protective / restraining order (a stalking or harassment protection order, process varies by state), which once issued is enforceable against the U.S.-located respondent and makes any further contact a new, more readily charged offense. Where the conduct is interstate threats or cyberstalking, a U.S. federal case (18 U.S.C. § 875(c), § 2261A) opened via the FBI is the route to criminal action and to compelling evidence from U.S. providers.

How the case reaches them

A foreign victim whose harasser is located in the United States does not file with U.S. federal agencies from abroad and wait. The reliable inbound path is police-to-police: report the matter to your own national police / cybercrime unit in your home country and ask them to channel it to U.S. authorities. Two official conduits carry it: (1) INTERPOL, where your country's National Central Bureau transmits the request to INTERPOL Washington (the U.S. NCB inside the DOJ, the U.S. contact point for the 196-member INTERPOL network), and (2) a Mutual Legal Assistance Treaty (MLAT) or letter rogatory, the formal government-to-government request handled on the U.S. side by DOJ's Office of International Affairs, used to compel evidence such as subscriber records and content from U.S. platforms. U.S. platforms (where most of the abusive content sits) are themselves in the U.S., so a U.S.-based investigation or valid U.S. legal process is the lever that reaches them. In parallel, a victim can and should file directly with the FBI Internet Crime Complaint Center (https://www.ic3.gov) and the FBI tip line (https://tips.fbi.gov); IC3 accepts international complaints and may refer them to the appropriate U.S. or partner agency.

There is no single U.S. government body that will unmask an anonymous account or order a takedown on a foreign victim's request without a U.S. investigation or U.S. legal process. The most effective sequence is: preserve evidence (dated screenshots, URLs, usernames, headers), report to your home-country police so they can engage INTERPOL Washington / the MLAT process, file directly with the FBI/IC3, and pursue platform removal plus a state protective order against the named or identified U.S. perpetrator.

The honest truth: you cannot contact Interpol yourself, only police can. Ask your own investigating officer to pursue international coordination, and keep them supplied with your evidence.
If the person is in the United Kingdom

Keep doing everything above in South Africa. At the same time, the fastest leverage often sits in the United Kingdom, where the person actually is.

Fastest lever in the United Kingdom

UK-wide: Ofcom’s Online Safety Act 2023 duties over platforms with UK users, plus the platform’s own law-enforcement channel once a UK police reference exists. Nation-level harassment/stalking protective orders are available through the relevant nation’s courts.

How the case reaches them

When the perpetrator is in the UK, a foreign victim triggers action police-to-police through the UK Interpol National Central Bureau (run via the National Crime Agency); the specific UK force that investigates depends on the nation (a Home Office force in England & Wales, Police Scotland, or the PSNI). The victim reports at home and asks their own investigating officer to pursue UK coordination.

For nation-specific offences and the exact police service, see the selected nation below.

The honest truth: you cannot contact Interpol yourself, only police can. Ask your own investigating officer to pursue international coordination, and keep them supplied with your evidence.
If the person is in Canada

Keep doing everything above in South Africa. At the same time, the fastest leverage often sits in Canada, where the person actually is.

Fastest lever in Canada

The fastest practical relief against content or conduct from a Canada-based perpetrator runs through (a) the Canadian police service of jurisdiction, which can investigate and charge under the Criminal Code (criminal harassment s.264, uttering threats s.264.1, extortion s.346, identity theft/fraud s.402.2/403, and for intimate-image exposure s.162.1), and (b) platform-level takedown plus provincial civil remedies. Canada has no single national takedown regulator equivalent to Australia’s eSafety or the UK’s Ofcom. For intimate images there is a Criminal Code removal/forfeiture pathway tied to s.162.1, and victims can seek provincial civil and protective remedies (peace bonds, restraining orders, provincial intimate-image laws) while a criminal investigation proceeds.

How the case reaches them

When the perpetrator is located in Canada and the victim is abroad, the foreign victim does not contact Canadian police directly. The victim reports to their OWN national police, who route a police-to-police request to Canada through INTERPOL. Canada's international channel is the INTERPOL National Central Bureau (NCB) Ottawa, run by the RCMP at National Headquarters and operating 24/7; it receives, evaluates and processes assistance requests to and from the 195 INTERPOL member countries and administers the Foreign Criminal Investigators in Canada Protocol. For obtaining EVIDENCE in Canada or extradition FROM Canada, the foreign state's central authority works through a Mutual Legal Assistance Treaty (MLAT), coordinated on the Canadian side by the federal Department of Justice International Assistance Group. For US requests, the counterpart is INTERPOL Washington (USNCB) plus FBI Legal Attache channels; NCB Ottawa and INTERPOL Washington have a standing memorandum of cooperation. The local Canadian police service of jurisdiction is the one that actually investigates a perpetrator on Canadian soil.

A victim cannot invoke INTERPOL or MLAT channels personally; the investigating police service and the Crown initiate INTERPOL notices and MLAT requests. The realistic victim action is to file with their own national police and provide the Canadian police service or the foreign police with the file/occurrence numbers and preserved evidence.

The honest truth: you cannot contact Interpol yourself, only police can. Ask your own investigating officer to pursue international coordination, and keep them supplied with your evidence.
If the person is in Australia

Keep doing everything above in South Africa. At the same time, the fastest leverage often sits in Australia, where the person actually is.

Fastest lever in Australia

The fastest protection lever against a perpetrator located in Australia is the eSafety Commissioner's civil removal scheme under the Online Safety Act 2021. eSafety can issue REMOVAL NOTICES to platforms and end-users under the Adult Cyber Abuse Scheme (18+), the Image-Based Abuse Scheme, the Cyberbullying Scheme (under-18) and the Online Content Scheme; non-compliant services can face civil penalties of up to 500 penalty units. For most schemes the victim must first report to the platform or service, then lodge at https://www.esafety.gov.au/report. This is a civil takedown route that runs alongside, and does not replace, a criminal police report. Note the deliberately high 'serious harm' threshold for the Adult Cyber Abuse Scheme. In parallel, where the victim fears ongoing harm, an Apprehended Violence Order (AVO) / personal safety intervention order can be sought against a locally-located perpetrator via the local court or police.

How the case reaches them

When the perpetrator is located in Australia and the victim is overseas, the foreign victim's own police refer the matter to Australian law enforcement through police-to-police channels: the foreign country's INTERPOL National Central Bureau contacts the AFP-hosted INTERPOL National Central Bureau (NCB) Canberra (within AFP International Operations, operating 24/7), which channels notices, information-sharing and assistance requests. The matter is then assessed and, for an individual harassment case, typically referred to the relevant Australian state or territory police where the perpetrator is located. For evidence-gathering or prosecution that needs formal cooperation, a Mutual Legal Assistance (MLAT) request is coordinated by the Commonwealth Attorney-General's Department under the Mutual Assistance in Criminal Matters Act 1987. A victim cannot trigger these channels directly; they ask the investigating police to route the matter through INTERPOL Canberra or MLAT.

eSafety is a civil regulator and does not prosecute, award damages, or replace police. The criminal route remains state/territory police (or the AFP for serious/transnational matters), reachable from abroad only via the police-to-police INTERPOL Canberra channel described above.

The honest truth: you cannot contact Interpol yourself, only police can. Ask your own investigating officer to pursue international coordination, and keep them supplied with your evidence.
If the person is in New Zealand

Keep doing everything above in South Africa. At the same time, the fastest leverage often sits in New Zealand, where the person actually is.

Fastest lever in New Zealand

The fastest practical lever against a perpetrator located in New Zealand is the Harmful Digital Communications Act 2015 civil route: complain to Netsafe (the Approved Agency, https://netsafe.org.nz/report, 0508 638 723), and if it cannot resolve the matter, use Netsafe's written summary to apply to the District Court for an HDCA order (takedown, cease publication, correction, right of reply, or identity disclosure). For serious threats or criminal conduct, NZ Police can act under the Crimes Act / HDCA s 22 directly because the offender is locally located and within jurisdiction. NOTE: where the poster is offshore the HDCA's real limit is service-of-process (no statutory provision for serving an overseas defendant; leave of the District Court under District Court Rules Part 6 is required); that limit does not bite when the perpetrator is in New Zealand.

How the case reaches them

When the perpetrator is in New Zealand and the victim is overseas, the foreign victim should report through their OWN local/national police, who relay the matter police-to-police to INTERPOL Wellington (the NZ National Central Bureau hosted at Police National Headquarters). Neither the public nor a foreign victim can contact INTERPOL or the NCB directly: 'INTERPOL NCBs do not respond to requests from the general public... contact their local or national police, who will in turn contact the NCB.' NZ Police can also be reported to directly via 105 (https://105.police.govt.nz) for the criminal record. For evidence held in or action needed in New Zealand, the foreign authority uses a Mutual Legal Assistance (MLAT) request handled under New Zealand's Mutual Assistance in Criminal Matters Act 1992 via the Crown central authority. New Zealand is also a Party to the Budapest Convention on Cybercrime (in force for NZ 1 December 2025), which provides additional cross-border cooperation channels for electronic evidence. An FBI Legal Attache now operates a standalone office in Wellington (opened 31 July 2025) for liaison with US authorities.

Because the perpetrator is locally located, NZ Police and the District Court can act without the cross-border MLAT or INTERPOL delays that slow cases where the offender is abroad. If Netsafe’s role changes, NZ Police on 105 is the fallback intake.

The honest truth: you cannot contact Interpol yourself, only police can. Ask your own investigating officer to pursue international coordination, and keep them supplied with your evidence.
Dedicated cross-border guides
If the person is in the United States →If the person is in the United Kingdom →If the person is in Canada →If the person is in Australia →If the person is in New Zealand →
Keep climbing

If you are brushed off, do this next

You are entitled to be heard. Work up this ladder until your case is assigned.

  1. 1SAPS station - open the case. Go in person to your nearest police station's Community Service Centre, give a sworn statement with all evidence (screenshots, message logs, URLs, headers, dates/times), and insist the official opens a docket and gives you a CAS number (by SMS or in writing). Reference: https://www.saps.gov.za/services/report_crime.php
  2. 2Get your CAS reference number and the investigating officer's details. Once the docket is allocated, get the investigating officer's (detective's) name and contact, and follow up using your CAS number. Provide preservation-friendly evidence early so SAPS can act before data is lost.
  3. 3Station Commander / Detective Branch Commander - if the case stalls, no investigating officer is assigned, or you are turned away, escalate in writing to the Station Commander and ask for the matter to be reviewed; request a meeting and a written update.
  4. 4Provincial SAPS office / SAPS national complaints, and if police inaction or misconduct persists, IPID (Independent Police Investigative Directorate) for police failure-to-act complaints - use these to compel movement on a dormant docket.
  5. 5Magistrate's court - Protection from Harassment Act order. This is the fast, low-cost route and does not require you to know who the harasser is: use s.4 to direct an ECSP to furnish an unknown harasser's name, ID number and address; obtain an interim then final order (s.10); breach of the order is a crime carrying up to 5 years (s.18(1)(a)). NOTE: the Cybercrimes Act s.20 takedown order and s.21 unmasking direction are NOT yet in force (Part VI of Chapter 2 has not commenced as of 2026), so rely on the PHA s.4 route plus direct platform/host takedown reporting for content removal.
  6. 6DPCI / the Hawks - for serious, organised, high-value, or cross-jurisdictional cyber-enabled crime (large extortion/fraud rings), escalate to the Directorate for Priority Crime Investigation. National Head Office, Silverton, Pretoria. Reference: https://www.saps.gov.za/dpci/contactus.php
  7. 7Parallel civil/regulatory tracks - lodge a POPIA complaint with the Information Regulator for doxxing/unlawful disclosure of personal information (https://inforegulator.org.za/complaints/), and consider a civil defamation claim (damages/interdict) where reputation is harmed.
  8. 8Elected representative as a pressure-valve - a Member of Parliament or your ward councillor can apply pressure on a stalled docket and ask SAPS for accountability, but cannot direct or interfere in an investigation. Use this to push for movement, not to change the legal outcome.
  9. 9International liaison - where the perpetrator or evidence is abroad, ask SAPS to route the matter through INTERPOL NCB Pretoria (police-to-police) and, for formal evidence-gathering, the Mutual Legal Assistance channel under the International Cooperation in Criminal Matters Act 75 of 1996 (Central Authority: Department of Justice & Constitutional Development). Keep climbing and keep written records at every step.
Cross-cutting essentials

The same for everyone: evidence, safety, platforms

Documenting and preserving your evidence

Good documentation is the backbone of every other step. It builds the pattern that proves intent, it gives police and courts something to act on, and it survives even if the perpetrator deletes accounts. The guidance below comes from official safety and policing bodies across several countries. ## Capture context, not just the bad comment Australia's eSafety Commissioner advises capturing "the full conversation (rather than the abusive comment on its own), as well as account details, dates and times," and noting the web page address (URL) and the other person's user profile. Both screenshots and screen recordings are endorsed (screen recording is useful for content that scrolls). The practical takeaway: a good capture shows the username, the URL, and the date and time together, not a bare cropped screenshot. PEN America's Online Harassment Field Manual makes the same point about why this matters over time: documenting harassment creates a record that "alerts you and others to abuse patterns and escalations." Capturing the perpetrator's own words and behavior across time is how you surface intent and escalation. ## Keep the original file, because metadata is provenance Tech Safety Canada advises that you "should always safely store the digital original" rather than forwarding or re-copying it, capture the person's profile URL and a visible date and time, and print or save "directly after you have captured it," because "opposing counsel could claim there was manipulation of evidence... if there was a delay." Saving the original file (rather than forwarding or screenshotting a copy) is the practical mechanism by which authenticating metadata survives. Canadian law-enforcement cyberbullying guidance (RCMP) reinforces recording dates and times, capturing full conversation context with visible timestamps, usernames, and platform, and saving originals. ## Back up in more than one place Accounts and content can be deleted, so keep redundant copies. Tech Safety Canada suggests you "email or text the document to a device that you will continue to have secure access to so you have an extra copy." Canadian guidance recommends backups in multiple locations (for example cloud plus physical plus a printed hard copy kept in chronological order). ## Keep a contemporaneous log UK College of Policing stalking and harassment guidance treats the victim's own diary or log of incidents, and retained correspondence from the suspect, as key evidence; officers are advised to ask victims to keep a diary and explain how to complete it, and some forces issue formal stalking and harassment diary sheets. A dated, ongoing log of incidents is recognized, valuable evidence. ## Email evidence: preserve the headers Emailing a copy of evidence to yourself or a trusted contact can give you an independent third-party (mail-server) timestamp and a redundant copy. But there is an important caveat: forwarding or screenshotting an email strips or overwrites the original metadata. As the Safety Net email-evidence guidance explains, "in a forward, the original email header is replaced with a header that contains the forwarder's information," and "it is also not possible to uncover the header with just a screenshot or photo of the email body." To preserve provenance, keep the original message and its full headers (access the original electronic version via your webmail account, device, or email server). A self-generated email timestamp is corroborating, not conclusive. ## Why a postmark (or self-mailed copy) is weak proof Mailing yourself a copy, or relying on a postmark, proves only that an item existed and was in your possession on a date. It does not prove who wrote it, that any official action was taken, or that the content is unaltered, and it is tamperable. This is the well-documented "poor man's copyright" fallacy: the US Copyright Office states "there is no provision in the copyright law regarding any such type of protection, and it is not a substitute for registration." The same logic applies to reporting: a postmark or self-mailed copy does not prove a crime was reported. The durable proof that a report exists is the official police report or file reference number issued by police, which you should keep for follow-up. (This police-report analogy is a reasoned synthesis of the poor-man's-copyright point plus the role of official report numbers, not a single direct citation.) ## New Zealand caution: preserve before you block, and do not store "objectionable" content New Zealand's Netsafe advises screenshotting harmful content; for emails, saving both the message contents (with the date and time received) and the email headers; and recording the full URL of each page. Critically, it advises: "Contact Netsafe, or the Police first before deleting any content or blocking the abuser's number or profile (as this can be important evidence)." Netsafe also warns: "Do not screenshot or store content you believe is objectionable. It's illegal in NZ to store, send or share objectionable content. Instead contact Netsafe or the Department of Internal Affairs immediately." This jurisdiction-specific caution matters for any cross-border situation, because blanket "screenshot everything" advice can backfire. General legal information, not legal advice.

Official sources
esafety.gov.au ↗onlineharassmentfieldmanual.pen.org ↗techsafety.ca ↗rcmp.ca ↗library.college.police.uk ↗techsafety.org ↗copyright.gov ↗netsafe.org.nz ↗
Swatting: protecting yourself from a fake emergency call to your home

Swatting is when someone makes a false emergency report (such as a hostage situation or active shooter) to send armed police to your address. If you have been doxxed or threatened, this is a real risk, and there are concrete, sourced precautions. ## What the FBI advises The FBI/IC3 swatting public service announcement (29 April 2025) advises victims to "retain all information regarding the incident, such as usernames, email addresses, websites, or names of platforms used for communication, photos, or videos," to immediately report it to local law enforcement and to IC3/FBI, and to "discuss swatting with your family members or colleagues and have a plan in place in the event of law enforcement contact" at the residence. Important: this FBI PSA does not tell victims to pre-emptively register or notify police that they are a swatting target before an incident. Its preventive advice is limited to retaining incident information and having a family or colleague plan. The proactive pre-notification step below is supported by other authoritative sources, but should not be attributed to the FBI. ## The proactive notification precaution The core proactive precaution is to give your local police context in advance, so that a later fake emergency call to your address is met with caution rather than a maximal armed response. The ACLU advises: "If you are concerned about this kind of attack and you trust your local police to be reasonable, consider calling your local police's nonemergency number to alert them to the likelihood of false reports about your address," and it links a verbal script to request that extra precautions be taken by first responders if a report is received about your address. The "if you trust your local police to be reasonable" caveat is worth keeping in mind. Mainstream security guides give the same advice in operational terms: "Contact your local police department. Tell them what you do for a living and that you might be a target for swatting attacks. Tell the police that if they get a call about an active threat at your home address, they should first contact you to confirm that it's true." The goal is to turn an unverified hostage or shooting report into one the dispatcher already knows to treat with suspicion. ## Formal registries exist in some places, but are not universal Some jurisdictions offer a formal opt-in flag. The Seattle Police Department runs an opt-in anti-swatting program (launched 2018): residents who fear being targeted register their address through the Smart911 / Rave Facility system, and "when the 911 call center receives a report of a critical incident, they can dispatch responders and simultaneously check to see if residents at the address registered a concern for swatting on Rave Facility," passing that context to responding officers. Most jurisdictions, however, have no formal swatting registry. Where none exists, the realistic fallback is the ACLU's advice: call the local police non-emergency line and give them context. Do not assume a national or standard registry exists. General legal information, not legal advice.

Official sources
ic3.gov ↗aclu.org ↗security.org ↗king5.com ↗
When one person targets many: treat it as one linked case

If a single perpetrator is harassing several people, the strongest approach is to treat it as one connected pattern rather than a scatter of unrelated, isolated complaints. A documented multi-victim pattern is powerful evidence of intent and fixation, and the law recognizes it. ## Coordinated harassment of multiple people can be one legal pattern UK Crown Prosecution Service guidance establishes that coordinated harassment of multiple victims can legally constitute a single "course of conduct." The CPS states: "Harassment may be committed against two or more persons," and "this covers collective harassment, whether directed towards members of the same family, neighbourhood, protected characteristics, trade or profession, organisation, or institution." Prosecutors are told that gathering evidence "should focus on the wider pattern of behaviour and on the cumulative impact on a victim." A campaign connected by a common motive or behavior links together as one pattern. That is precisely why a documented multi-victim pattern is strong evidence of intent and fixation. ## Why a cross-victim pattern matters Criminal harassment and stalking charges typically require demonstrating a sustained course of conduct, and often a specific intent, rather than a single offensive comment. A single instance of bad language or an opinion is generally not enough on its own. A pattern across multiple complainants helps establish the sustained conduct and the intent that a single instance cannot. (The broad legal logic here is authoritative via the CPS course-of-conduct framework; specific intake-categorization wording from non-official sources should be treated as illustrative.) ## Cross-referencing official report numbers When victims of the same perpetrator coordinate, the durable link between their cases is the official police report or file reference number, not the mere fact that they know each other. When you file a report, police give you a file or report number that you should keep for follow-up, and reports help police "identify patterns... repeat suspects." Co-victims cross-referencing each other's official reference numbers lets the forces link, retrieve, and corroborate related reports, and lets a Legat or NCB match parallel cases across borders. This cross-referencing of reference numbers is presented as best-practice reasoning grounded in two verified pillars (official report numbers exist and are kept for follow-up, and the CPS treats a one-offender, multiple-victim campaign as a single course of conduct). It is a sound operational extrapolation, not a directly quoted official instruction. General legal information, not legal advice.

Official sources
cps.gov.uk ↗rcmp.ca ↗
Reporting to the platform: what actually forces removal

When someone is harassing you, impersonating you, or spreading content about you on a social platform, it helps to understand what genuinely makes a platform take content down, and what is a waste of time. ## The three levers that actually force removal In practice there are only three things that force a platform to remove content or an account: 1. A court order or injunction. A judge orders the content removed. This requires a lawsuit and a court.

  1. A law-enforcement request submitted through the platform's official legal portal. A sworn officer working your case submits a request through the platform's dedicated law-enforcement webform. This is why a police report and reference number matter: it is an officer with an open case, using the official portal, who can move this lever, not you directly.
  2. The platform's own Community Guidelines enforcement after a report. The platform reviews the reported content against its rules and removes it if it violates them. Of these three, Community Guidelines enforcement is the only free, immediate lever a victim can pull directly. The first two require either a lawsuit and a court, or a sworn officer with an open case. You cannot invoke the court-order or law-enforcement levers yourself. ## Informal emails are ignored Do not waste time emailing a platform's general or legal@-style inbox, or messaging from a personal email address, to demand a takedown. Platforms route real legal and law-enforcement requests only through their official portals. TikTok's own Law Enforcement Guidelines state plainly that it "will not respond to requests for user data sent by non-law enforcement officials or when they are sent through informal channels (such as personal email addresses)." Emergency law-enforcement requests must come from a sworn law-enforcement official and from an official law-enforcement email domain. The same pattern holds across platforms: Meta requires a government-issued email at facebook.com/records; X requires a government agency to use legalrequests.x.com; Twitch requires legal process served through the Amazon Law Enforcement Request Tracker and "does not accept requests... or service of process, via e-mail or fax." The informal-email path simply is not the path that gets actioned. The officer working your case is the one who uses the portal. ## Report each item, per video and per comment On TikTok you can report any post (video), comment, account, or direct message for violating Community Guidelines, from the app or a web browser. Reporting is confidential: TikTok states it "will not disclose your identity to the person whose content or account you're reporting." To report a video: In the app, open the post, tap the Share button (or press and hold the post), tap Report, select a reason (and a subtopic if prompted), then tap Submit. On the web, hover over the More options (...) button on the video, click Report, select a reason and subtopic, then click Submit. To report a comment: TikTok has a separate, dedicated comment-report flow (press and hold the comment, then tap Report). Report harassing comments individually, per comment, rather than only reporting the video. ## Impersonation has its own separate report flow If someone is pretending to be you, that is not the same as reporting a single offensive video, and it uses a different path. TikTok provides a separate impersonation report flow: go to the impersonating profile, tap the three dots (top right), tap Report, then Report account, then select the impersonation reason ("Pretending to be someone"). There is also a web impersonation form that can require a real ID and lets you list multiple fake accounts in one report. TikTok's policy bans impersonation: it "does not allow accounts that impersonate individuals or organizations in a misleading or malicious way," while permitting clearly labeled fan or parody accounts that do not confuse users. Other platforms have their own impersonation report forms too (for example, X's impersonation reporting is filed by the impersonated person or an authorized representative). ## Do not use mass-reporting tools or organize a brigade It is tempting to rally friends or use a third-party "mass report" tool or bot to pile reports onto an impersonator. It does not work, and it can backfire. TikTok's own position is explicit: "Mass reporting content or accounts does not lead to an automatic removal or to a greater likelihood of removal" by its Safety team. Removal turns on whether the content actually violates the Community Guidelines, reviewed by human moderators, not on how many reports it receives. Mass-reporting tools violate platform policy and are the wrong move. Use the legitimate per-item report, the separate impersonation report, or the law-enforcement and court routes instead. General legal information, not legal advice.
Official sources
tiktok.com ↗tiktok.com ↗tiktok.com ↗support.tiktok.com ↗support.tiktok.com ↗support.tiktok.com ↗tiktok.com ↗newsroom.tiktok.com ↗meta.com ↗help.x.com ↗help.x.com ↗safety.twitch.tv ↗help.snapchat.com ↗
When the harasser is in another country: how cross-border police work moves

If the person harassing you lives in a different country, the case has to move between police forces. Understanding how that works tells you what to ask for and why your role is to keep your officer supplied with what they need. ## You cannot self-start INTERPOL or an MLAT, only police can INTERPOL is the world's largest police organization, with 196 member countries. But it works through each country's National Central Bureau (NCB), and the public cannot report to it directly. INTERPOL's own NCB page states: "INTERPOL NCBs do not respond to requests from the general public. Anyone wishing to report a crime or provide information on an international investigation should contact their local or national police, who will in turn contact the NCB." The US side says the same: private citizens report crimes through their local police or law-enforcement agency, which may then contact INTERPOL Washington if international assistance is required. The same is true of formal evidence requests between countries. A Mutual Legal Assistance Treaty (MLAT) request can only be made by government authorities (prosecutors, investigating judges, criminal investigators) and must be transmitted through a country's legally designated Central Authority. "All requests made pursuant to MLATs must be submitted through the Central Authority," and MLATs "are not available for use by private parties." A victim cannot file an MLAT request, only the investigating officer or prosecutor can. So your leverage is the explicit ask. You cannot trigger INTERPOL or an MLAT yourself; you trigger them by getting your investigating officer to make the request. ## The FBI's overseas offices (Legats) coordinate, they do not police The FBI runs legal attache (Legat) offices in "dozens of locations" around the globe, "providing coverage for more than 180 countries, territories, and islands," with about 250 special agents and support personnel stationed abroad. Legats sit in US embassies and cover the countries most relevant here, including London (covering the UK, Ireland, and the Channel Islands), Ottawa (Canada), Mexico City, Canberra (Australia), and Wellington (New Zealand). The FBI opened a standalone Legat office in Wellington on 31 July 2025; it had been a suboffice of the Canberra Legat since 2017. Crucially, Legats have no law-enforcement powers overseas. "Since FBI agents do not have traditional law enforcement powers overseas, they must rely on strong, mutually beneficial relationships with their foreign counterparts." The FBI "conducts investigations abroad only when invited by the host country. In most cases, our international partners gather evidence and make arrests on behalf of, or in close cooperation with, the Bureau." Legat duties include coordinating requests for assistance and coordinating victim assistance. They are a coordination channel, not a force that swoops in. ## The US entry points: a local field office and IC3 For a US-connected victim, the practical entry points are your local FBI field office and the FBI's Internet Crime Complaint Center (IC3) at ic3.gov. IC3 itself does not investigate; "trained analysts at the IC3 review and research the complaints, disseminating information to law enforcement and partner agencies, as appropriate," and "investigation and prosecution are at the discretion of the receiving agencies." IC3 explicitly accepts cross-border reports, including from "citizens of another country or who may be reporting a subject in another country." For an ongoing crime or a threat to life, contact your local field office or call 911. ## Formal evidence channels differ by country Bilateral MLATs with the United States are in force for the UK (entry into force 2 December 1996), Canada (24 January 1990), Mexico (3 May 1991), and Australia (30 September 1999), but not for New Zealand. US to New Zealand formal assistance runs instead through multilateral conventions and non-treaty letters rogatory and comity. For multilateral cooperation, the Council of Europe Budapest Convention on Cybercrime provides a standing framework for cross-border preservation and exchange of electronic evidence, including a 24/7 contact-point network. Among the countries here, the US, UK, Canada, Australia, and New Zealand are parties. New Zealand became the 81st party (acceded 28 August 2025; in force for New Zealand 1 December 2025), so the multilateral channel is available US to New Zealand even though no bilateral US to New Zealand MLAT exists. Mexico is not a party to the Budapest Convention; for a Mexico-based perpetrator the correct formal evidence channel is the US to Mexico bilateral MLAT, not the Budapest Convention. ## The realistic playbook Putting the verified mechanics together: - Report at home and in the perpetrator's country. Each country's police are the ones who can open the NCB or MLAT channel on their end, and IC3 explicitly accepts reports about a subject in another country.

  • Keep and cross-reference every reference and complaint number. Cross-referencing lets each force link to the parallel case so a Legat or NCB can match them.
  • Explicitly ask each investigating officer to pursue international coordination, through the NCB/INTERPOL channel, an MLAT via the Central Authority, and/or the in-country FBI Legat. You cannot self-initiate these; only the officers can. This consolidated playbook is a reasoned synthesis; each underlying mechanism is individually verified from FBI, DOJ, INTERPOL, and IC3 sources, though no single official page states the four-part script verbatim. General legal information, not legal advice.
Official sources
interpol.int ↗interpol.int ↗justice.gov ↗justice.gov ↗fbi.gov ↗fbi.gov ↗fbi.gov ↗ic3.gov ↗justice.gov ↗coe.int ↗