Investigating Online Threats, Cyberbullying & Doxxing

Learn how to keep your school, staff and students safe.

Posted by Katie Yahnke in Education on March 1st, 2019

The number of violent threats made toward K-12 schools rose by 62 per cent between the 2017-18 school year and the year prior. The majority of violent threats are now made online, and their frequency is turning the school into a place we fear instead of a place we trust.

Cyberbullying remains a massive cyber safety concern, especially among students, for whom the online world is a normal and necessary part of life. Kids and teens are now logged in at home, on the bus, at school and everywhere in between. And with new tactics, such as doxxing or swatting, cyberbullying has a greater potential to cause harm.

Prepare your school with the tools to keep staff and students safe from online threats and cyberbullying. Learn the best course of action if your school is targeted and how to reduce the prevalence of cyberbullying and online threats.

Download this school-specific investigation report template to start writing more effective and organized final reports.

What is an Online Threat?

An online threat is any type of threat made and received online, typically either by text, messaging applications or social media. Online threats can be divided into two categories: substantive or transient.

 

Substantive Threats

A substantive threat is serious. There is usually a detailed plan with a specific victim (or victims), time, place or method. Sometimes the source of the threat will have already carried out several preparatory steps, invited an audience or recruited an accomplice.

For example, a student who makes a threat on Twitter about bringing a gun to school, who has recruited peers to help with the plan and who has drawn a detailed map of the school layout is making a substantive threat.

 

Transient Threats

A transient threat is superficial. It’s an expression of temporary anger and quickly followed up by a retraction or apology. A transient threat is often justified as being a joke, a figure of speech or a tactic in an argument. There is no real intent to follow through with a transient threat.

For example, a student who says “I’m gonna kill you guys!” while joking around with peers is making a transient threat (as long as the student has no real intent to follow through).

 

How Harmful are Online Threats?

Sergeant Peter Leon suggests that the increase of transient threats on social media platforms like Instagram might be an attempt by kids and teens to gain followers.

Threats, whether they are transient or substantive, have consequences that impact students, staff, parents and even the surrounding community. All threats must be investigated due to the significant potential for harm, and the wasting of precious time and resources when they wind up being unsubstantiated.


What is Cyberbullying?

In addition to normal Internet-related risks such as viruses and email scams, students (and even teachers) can fall victim to cyberbullying.

Cyberbullying is bullying that takes place using digital devices such as computers, tablets or cell phones. Cyberbullying occurs through texting, messaging applications, social media platforms, forums and even multiplayer games.

 

Examples of Cyberbullying:
  • Spamming an individual with texts, emails or direct messages
  • Stalking using GPS tracking
  • Accessing or hacking an individual’s devices or accounts
  • Spreading hurtful rumors about a person online
  • Sending, posting or sharing mean and harmful content
  • Sending, posting or sharing someone’s personal information without permission

Cyberbullying may cross the line into criminal behavior in situations where the bullying behaviors are excessive or extreme.


What is Doxing (AKA Doxxing)?

Slang for “dropping documents”, doxing (often stylized as doxxing) is a relatively new method of online harassment. It’s the latest trend in cyberbullying.

As its name suggests, doxxing occurs when someone broadcasts private, personal information about someone else without his or her consent. The goal is to seek, find and share the personal information of someone else to gain power over the victim.

 

What Information Can Be Doxxed?
  • Full name
  • Home address
  • Phone number
  • Place of education
  • Place of work
  • Social insurance number

 

How Common is Doxxing?

Hong Kong Polytechnic University recently conducted a study on the prevalence of doxxing in the region. The study revealed that more than 50 per cent of high school students in Hong Kong had their personal information or images shared without permission.

When someone threatens to disseminate a person’s private information to the online world, it destroys any sense of privacy they once had and makes them vulnerable to further harassment or even swatting.

Swatting is a related form of online harassment. Swatting occurs when a person anonymously calls 911 or another emergency service to falsely report a threat using the swatting victim’s home address.


What Kind of Online Threats Affect Staff and Students?

The Educator’s School Safety Network (EESN) identified more than 3000 threats made against K-12 schools in the US during the 2017-18 school year, nearly half of which were made online. Almost 40 per cent of threats referenced a shooting, 35 per cent were unspecified threats of violence and 22 per cent were bomb threats.

This is a 62 per cent increase from the number of threats made during the 2016-17 school year. And worse, there was a 113 per cent increase in the number of actual violent events (such as guns on school property, actual shootings or thwarted plots).

Threats can be made by anyone. In the same 2017-18 school year study, more than 80 per cent of threats were made by a student and more than 80 per cent were male. Threats are made on social media about half the time, the rest are written or verbal.

 

Online Threats and Trends

Online threats come in waves. Commonly called “copycat” threats, reports of a school shooting are almost always followed by a major spike in violent threats. In fact, almost half of all threats made in the 2017-18 school year were made in the month following the shooting at Marjory Stoneman Douglas High School in Florida.


What to Do If Your School is Targeted

In a perfect world, you will have already developed and practiced an Emergency Operations Plan before your school is the target of an online threat. (If you’re reading this now before you receive a threat, we cover how to develop an Emergency Operations Plan below.)

If time is of the essence, the Holy Family Catholic Regional Division outlined their process in a blog post that captures the bare bones of what to do in a cyber threat situation.

Note: this is a general outline of how to navigate a threat made online but every situation is different. Every district deals with incidents differently. The best course of action is to do your research beforehand about the roles and responsibilities of schools, districts and law enforcement.

 

If You Don’t Have an Emergency Operations Plan…

Upon being made aware of an online threat, contact the local law enforcement agency and make them aware of the situation. Depending on the time of day, the day of the week and the content of the threat, they may advise you to initiate lockdown or close the school.

Once everyone’s safety is secured, local law enforcement may conduct a preliminary investigation into the threat and its source. Internally, the school will need to conduct an investigation into the circumstances of the cyber threat. The school will also need to provide support for staff and students.


What to Do If a Student Is Targeted

Be aware of not only how common online threats and cyberbullying are in the life of a K-12 student, but also of the negative impacts these experiences can have on the victims.

 

Consequences of Online Harassment and Bullying:
  • Depression and anxiety
  • Academic decline
  • Physical health issues
  • Decreased self-esteem
  • Social isolation and withdrawal
  • Suicidal thoughts or behaviors
  • Increased substance abuse
  • Criminal activity

If a student in your school is the target of online threats or cyberbullying (including doxxing and swatting), you must investigate the issue. Some school officials believe since it occurred online and “off property” it’s not their responsibility to investigate. However, that’s false.

 

University of Mary Washington Case

A federal appeals court recently ruled that University of Mary Washington officials did not do enough to protect a number of students who were being harassed online. The students had been victims of cyberbullying, cyberstalking and threats of sexual assault after they spoke out against fraternities and sororities on campus.

The school claimed that since the harassment occurred on the anonymous online platform Yik Yak, taking steps to protect the victims may have violated the harassers’ right to free speech. However, the court concluded that schools must investigate threatening messages whether they are transmitted online or offline.

A federal lawsuit argued that, by not acting, school officials “condoned and ratified a sexually hostile environment at the University of Mary Washington by permitting ongoing gender-based cyber-harassment and sexual harassment”.

So, if you have a student who is a target of online harassment, you are obligated to act. Not only are you obligated to investigate and resolve the issue, but you must consider the special implications that come with situations that occur online.

 

Consider the Unique Circumstances of an Online Investigation

Posts, tweets, memes and statuses can all be deleted quickly and without a trace. If the harasser’s account has been wiped clean of any evidence, it will be difficult to prove the victim’s allegations. Download this cheat sheet that contains the best practices for conducting an online investigation and remember to always use screenshots to save and preserve digital evidence.

Depending on the severity of the situation, conduct interviews with all students who may be involved in the online threat or cyberbullying. Identify who is responsible for causing the distress and discipline them accordingly. Identify who is negatively impacted by the distress and provide them with continued support.

Have a trusted teacher, counselor or mental health professional follow-up often to ensure that the victims are handling the incident well and that the incident is not causing significant long-lasting consequences.


How to Reduce the Prevalence of Online Threats and Bullying

Reduce the prevalence of cyberbullying, online threats and doxxing in your school by following these best practices.

 

Implement School- or District-Wide Policies and Initiatives

Establish school- or district-wide policies and initiatives that promote the right values.

Staff-oriented policies can touch on how to deal with threats and the role of school staff in relation to local law enforcement. For students, focus on responsible-use policies. Explain that certain online behavior is not appropriate and there are consequences to match for those who act inappropriately online. This policy will deter students from using school devices for online harassment and cyberbullying.

Digital citizenship initiatives are an effective way of teaching students (and even staff and parents) how to be a responsible digital citizen. Touch on topics like privacy, security, online relationships and communication, cyberbullying, digital reputation, self-image, permission and even copyright.

 

Monitor Social Media

Turn to social media to track school threats before the violence occurs. As a primary platform for self-expression, students use social media as an outlet for both the good and the bad. Keep an eye on social media platforms using keyword searches and hashtags to stay in the know about violent warnings and threats toward your school.

 

Implement an Anonymous Reporting Tool

Implement an anonymous reporting tool for your staff, students or their parents to use to report threats discovered online. Despite years of innovation, the “see something, say something” mantra remains the most effective and ethical method of identifying violent threats. In fact, the Justice Department recently allocated more than $19,000,000 in grants to schools to develop anonymous reporting tools and threat assessment initiatives.

 

Investigate ALL Tips, Posts, Tweets

Of course, if something is discovered, either through a reporting tool or social media monitoring, it’s up to you to act on this information. Tracking tweets and tips only provide the information, it is then up to you to investigate these claims the right way. Stay on top of investigations by implementing a comprehensive Emergency Operations Plan.


Do You Have an Emergency Operations Plan?

An Emergency Operations Plan (EOP) will give you a better understanding of the potential risks and hazards that threaten your school, students and personnel. It will also help you create an easy-to-follow guide of your crisis response and investigation.

 

Step One: Form a Planning Team

Create an interdisciplinary team including school staff, community partners, law enforcement, IT staff, a mental health professional and more. Include anyone who may provide valuable input to your online threat response or investigation process.

 

Step Two: Brainstorm Risks

Imagine potentially dangerous situations. Identify cyber threats, hazards and risks and then determine the severity and likelihood of the situation. For example, there is a very high chance you will need to investigate cyberbullying, there is a much lower chance you will need to investigate a bomb threat.

 

Step Three: Identify Your Objectives

Your goals or objectives can be about anything: preventing cyber threats or bullying from occurring, mitigating the damage caused by cyber threats or bullying, responding effectively to incidents or providing support to victims.

 

Step Four: Develop Your Plans

Design a complete course of action for each goal identified above. For example, if you’re hoping to prevent students from making violent threats online about the school, explain how making a threat, even as a joke, will have huge consequences. You will also have a course of action for investigating online incidents, a course of action for mitigating harm and a course of action for providing emotional support.

 

Step Five: Review, Approve, Implement, Maintain

Ask for feedback about the EOP and edit accordingly, then implement and maintain it with routine reviews and revisions.


Katie Yahnke
Katie Yahnke

Marketing Writer

Katie is the marketing writer at i-Sight. She writes on topics that range from fraud, corporate security and workplace investigations to corporate culture, ethics and compliance.

Want to conduct better investigations?

Sign up for i-Sight’s newsletter and get new articles, templates, CE eligible webinars and more delivered to your inbox every week.