Keeping up with the digital stalking threat landscape (2025)¶

The digital stalking epidemic continues to grow at an alarming rate, with projections suggesting nearly a quarter of internet users - that’s about 9 million people - may experience cyberstalking by 2025. This represents a steady 5% annual increase, largely fuelled by our ever-expanding digital footprints. What’s particularly troubling is that in about 70% of cases, the victim actually knows their stalker, often living with the constant fear that online harassment could escalate to physical harm. These patterns mirror the disturbing real-life dynamics recently portrayed in popular media like Baby Reindeer.

Perhaps most concerning is the underreporting crisis - only about one in ten cases ever gets formally reported. The reasons for this silence are complex, ranging from fear of retaliation to simple lack of awareness about legal options. This creates a dangerous gap where perpetrators operate with impunity, and survivors suffer in isolation.

(Note: All statistics were adapted from the VPNRanks 2024 Cyberstalking Report, interpreted for the IPA project’s mission.)

Common attack vectors¶

When it comes to digital stalking methods, the classics never go out of style. Text messages, emails and phone calls remain the weapons of choice for many stalkers - low-tech perhaps, but frighteningly effective. These familiar formats can make the harassment feel more personal and immediate.

But stalkers are increasingly supplementing these with more sophisticated tools. Social media platforms have become playgrounds for harassment through fake accounts and doxxing. The smart devices in our homes - cameras, thermostats, even baby monitors - can be turned against us for covert surveillance. And then there’s the particularly insidious category of stalkerware - commercial spyware like Cerberus or FlexiSpy that can be secretly installed on a victim’s device, giving the perpetrator complete access to messages, location data and more.

Emerging threats¶

The stalker’s toolkit is getting an AI upgrade. Voice cloning technology now allows perpetrators to create convincing impersonations, potentially for gaslighting or social engineering. Deepfake technology enables new forms of blackmail using synthetic intimate imagery. It’s like the worst parts of science fiction becoming someone’s daily reality.

Financial stalking represents another disturbing trend, with abusers exploiting open banking APIs to monitor transactions and maintain financial control. We’re also seeing more cross-platform harassment campaigns, where abusers coordinate attacks across messaging apps, gaming platforms and encrypted services, making the harassment both inescapable and harder to document.

Gaps in current defences¶

Our legal systems are struggling to keep pace with these evolving threats. Inconsistent international laws create a patchwork of protections, allowing stalkers to exploit jurisdictional gaps. The technology itself often works against victims - default device settings prioritise convenience over privacy, leaving many vulnerable without realising it.

While excellent open-source tools like PiRogue exist, they haven’t achieved mainstream adoption in shelters and support services. There’s also a critical awareness gap - many survivors and even professionals underestimate how much revealing data we leave in digital breadcrumbs, from photo metadata to location histories.

IPA project priorities¶

For text and email harassment, we’re focusing on secure communication protocols and practical exercises in documenting evidence for law enforcement. Location tracking threats are met with GPS spoofing techniques and hands-on device audits using tools like PiRogue in our shelter labs.

The rise of AI abuse has led to developing deepfake detection drills, teaching people to spot the subtle artifacts in synthetic media. Financial surveillance gets special attention too, with clear guides to bank privacy settings and credit freeze systems.

Key takeaways for survivor support¶

Our approach emphasises moving from fear to practical agency. We’ve found great value in simple, actionable steps like our “how to lock down a smartphone in 10 minutes” guide. Working with law enforcement requires understanding local reporting barriers - whether that’s navigating Turkey’s Law No. 6284 or the EU’s Digital Services Act.

A major focus is expanding access to open-source tools through training programmes for shelter staff. Being able to perform basic device forensics can make all the difference in building a case or simply giving someone back their sense of security. After all, in the fight against digital stalking, knowledge isn’t just power - it’s protection.