Protect Yourself from Online Harassment

U-M is unwaveringly committed to academic freedom, and freedom of expression and inquiry. The right to academic freedom in education and research is foundational to the university's mission and place as a public institution.

In a highly polarized and politicized society, members of the higher education community are increasingly subject to in-person and online harassment and abuse, which can take many forms, including:

  • Being the subject of embarrassment, humiliation or threats, particularly in a highly politicized society.
  • Becoming a target for doxxing (doxing)–the unauthorized sharing of personal information such as home addresses, phone numbers, employers, or email, in order to expose the individual to harassment, stalking, or other harmful behaviors.

While no practice or tools can completely erase one’s online presence and eliminate online harassment and abuse, the guidance below can help mitigate the risk of becoming a victim.

Reduce Personal Information Online

  • Configure privacy settings in your MCommunity profile. For help, contact the ITS Service Center.
  • Review your U-M digital presence. Information may be published on departmental websites (email, office location, phone numbers, etc.).
  • Look yourself up online. Search your name to see what comes up and remove your information from websites, as desired. Examples: Remove your personal information from Google, Manage or Delete your information from Meta.
  • Reduce your digital footprint. Regularly review social media and online accounts, and curate the content you publish. Consider deactivating accounts you no longer use.
  • Regularly review privacy settings and friends lists on social media, especially those where you share personal information.
  • Care about what you share. Consider not sharing information about your family, travel plans, and anything that identifies your location.
  • Separate personal from professional accounts. Use secure tools for personal communication. Consider using a pseudonym and/or disposable online accounts for your public-facing persona to shield your real identity. (U-M accounts/services should be used for U-M business, not external accounts.) Examples of secure communication tools: Signal (text messaging) and Proton (email).
  • Don’t list a personal phone number or home address on your resume or CV when posting publicly or on job search websites. Consider using a P.O. Box instead of a home or office location. Use a cheap VoIP service to provide disposable phone numbers, if needed. Examples: Google Voice, Burner, and Hushed.

Prevent Unwanted Interactions

  • Block senders of unwanted email or set up custom email filters to automatically send email to spam or trash.
  • Mute and/or block a harasser’s account on social media. Muting means their comments are not viewable to you, and the person whose account is muted is not notified. Blocking means the account is blocked from following you, seeing your posts, or commenting, and the person is notified that they have been blocked.
  • Do not engage in online disputes. It is a waste of time and may lead to escalation.
  • Be wary of phishing attacks. Phishing emails try to trick you into providing personal information or downloading malware. Learn to identify phishing, smishing (text scams), and how to spot a spoofed email.

Secure Personal Devices & Accounts

  • Secure your passwords. Use a unique, complex password for each account, in particular, for U-M, Apple, Google, and social media. Consider using a password manager. Examples: Bitwarden and 1Password.
  • Set up two-factor authentication on all platforms that support it. Most social media and financial websites do.
  • Protect personal computers and devices. Run security updates promptly to keep your operating system and software up to date. Run anti-malware software. Examples: Norton and McAfee.
  • Consider using Lockdown Mode on your iOS device. iOS offers a Lockdown Mode as an optional, extreme protection for individuals targeted by some of the most sophisticated digital threats. Note that it strictly limits the functionality of your device.

Leverage U-M Services

  • Protect your computers. Crowdstrike Falcon is installed on almost all UM-owned servers, desktops and laptops to protect against endpoint attacks like ransomware. Ensure it is installed, or contact your local IT support for information.
  • Protect your websites — development/hosting. The best way to protect your websites is to have it run by ITS or your unit IT team. Work with ITS or your unit IT to find out more.
  • Protect your websites — updates/patching. If you run your own websites, make sure you are running the latest version of web software (e.g., Drupal, Wordpress). Ensure that administrative access requires two-factor authentication. Work with ITS or your unit IT to find out more.
  • Protect your websites — enhanced protection. U-M is deploying Cloudflare to protect critical websites against Distributed Denial of Service (DDoS) attacks. Contact the ITS Service Center if your website may benefit from this protection.
  • Use secure remote access. If you use remote access protocols to collaborate or work off campus, do so securely. Use the U-M virtual private network (VPN). For remote access to campus computing systems, ensure the systems are managed by U-M IT staff following guidance from ITS Information Assurance.
  • Secure your communications. Use an email encryption service, such as VirtrDu.
  • Protect collaborators. If your collaborators feel their institution's accounts are not secure, consider providing them a U-M Sponsored account during the collaboration.

Document Evidence and Request Take Downs

  • Keep evidence/artifacts. Keep records of any online harassment, including screenshots, messages, or any other evidence in case you decide to involve law enforcement or take legal action.
  • Request takedowns of harmful content. 
    • If the content is posted on a social media platform, you can request that the platform remove it in accordance with its user agreement and content guidelines. 
    • If the content is posted on a website operated by the individual(s) who are targeting you, you may be able to request that it be taken down by contacting the web hosting service based on their community standards/acceptable use policies. You can look up the host for a website using this database.
    • If an organization is posting harmful content, you can send a written request to the organization (identifying yourself, identifying the harmful statements and how they are false or misleading, and describing how they impact you).

Consider Your Physical Security

  • Engage Law Enforcement. Maintain open lines of communication with local law enforcement and keep them informed. Report threats or concerns.
  • Secure your residence. Ensure your home is protected. Consider installing a security system with cameras and alarms.
  • Develop an emergency plan. Prepare an emergency plan in case of threats or dangerous situations, such as escape routes, emergency contacts, and having a safe location to retreat to.
  • Inform trusted individuals. Share your concerns with trusted friends, family members, and colleagues. Inform them of your whereabouts and travel plans, so they can watch for suspicious activity or notify authorities if necessary.
  • Trust your intuition. Be aware of your surroundings. Trust your instincts and take any threats seriously. If something feels off or unsafe, remove yourself or seek help immediately.

Seek Support

Escalation Pathways

  • If you feel threatened, intimidated, or that your safety is at risk, report it to the U-M Police Department (UMPD) or other law enforcement immediately.
    • U-M DPSS Non-Emergency Lines: Call 734-763-1131 or text 377911
    • U-M Anonymous Tip Line: 800-863-1355 
  • If you feel bullied, harassed, or uncomfortable with digital content or interactions related to your work and life at U-M, report to*:
    • Your department chair or dean.
    • IT User Advocate.
    • U-M Anonymous Tip Line: 800-863-1355.
    • If the bullying or harassment takes place on social media, consider contacting the U-M Public Affairs office: [email protected] 
  • If you believe your U-M account has been compromised, contact ITS Information Assurance at [email protected].
  • Report phishing and other suspicious email by forwarding to [email protected]. Provide full information by sending what Google calls the email original by clicking the down arrow next to the Reply arrow and select Show original.
  • Consider obtaining legal assistance through U-M resources (below) or on your own:
  • All product references are suggestions only–U-M has no agreements or affiliations with these vendors.
  • Many websites draw from public records, and “permanently” removing them is likely impossible. U-M does not endorse or make recommendations on using for-fee data removal services, nor does U-M remove data from the internet on your behalf.