It’s never the words you want to hear, “You need to contact the FBI immediately”. The whole situation was certainly odd: my husband is one of the three thousand plus Marines deployed in Iraq, fellow military writers I work with were targeted by ISIS just months ago, and now it appears I’ve been hacked from something potentially tied to ISIS or the Middle East.
When I first noticed the discrepancy, I didn’t know what the motive was or what had happened. Was someone trying to target my location? Get access to my emails or bank accounts? Is our family safe or is someone looking to hurt us?
Unfortunately, this is the world our military families face today. I knew when I started writing and putting myself out there, I was going to be a potential target to ISIS or anyone with domestic terrorism in mind. I’ve participated in a lot of interviews and written hundreds of pieces online; I have a very large digital footprint.
I know about OPSEC and PERSEC. I know how to lock down my Facebook profile. I don’t have stickers on my car which would make me a target (other than the mandatory Marine Corps DoD sticker).
I’m careful about who I talk to with specifics about our family. But now that a potential threat existed, I was being asked to call the FBI to investigate. I called and was directed to file a complaint with the Internet Crime Complaint Center. I was also asked to follow up with my husband’s command as well. I spoke with the Battalion’s intel officer who made a report and contacted NCIS.
In an effort to help the professionals understand what was going on, I took video of what I was seeing and attached it in an email to them. This turned out to be a huge help because they could easily see and discuss within the department what steps to take next.
Then I immediately changed all my passwords including all social media, email, banking, and Apple ID.
I received a call from NCIS almost immediately. They were concerned because my husband was in Iraq; he was working with the Iraqis and interpreters, there was potential for a localized threat because someone could look him and his family up online.
I resigned myself to believe that nothing bad was going to happen, I knew everything so far had just been scare tactics. That being said, when I woke up about 3am and heard a doorknob slowly turn and a small light appear in the hallway, it stopped my heart for a moment – but it was just my daughter wanting to come in and sleep with me.
A day and a half later, two FBI agents and the NCIS contact I’d been speaking with, came to my home, interviewed me and looked through my equipment. I was happy to hear they didn’t see an immediate threat to my family, although they’re still investigating what had transpired as it was something new they hadn’t seen before.
I learned two new tricks from them, so I’ll share what I picked up.
Two-Step Authentication
I use Gmail for my professional email organizer – do you know you can do two-step authentication with it? I knew two-step authentication was possible with Twitter and Facebook and had set it up, but not my email. You can also get it for your Apple ID.
If you’re not familiar with what this means, two-step authentication basically prevents anyone from stealing your password and hacking your account. Anyone who accesses your account would need an authorization code to log in from an unrecognized device. Authorization codes are typically texted, emailed, or accessed online to the account owner, preventing the hackers from doing damage.
Also if you have gmail, you can check to see where the logins have come from. You can stop access from any IP address not belonging to you from it as well (Facebook does this as well: click on Settings, then Security, then where you’re logged in).
Phishing – Emails that look real, but aren’t
Phishing is where people throw a large virtual net to users, hoping you click on a link where you freely expose information about yourself. An example of this kind of email may look like your bank emailed you. It may say something like: please click here to verify information for your account, or your account will be shut down in 24 hours. They want you to click the link which would take you to a site that looks very similar to your banking login where you enter your username and password. Bingo, now they have access to your bank accounts.
Luckily for me, I hadn’t clicked on a phishing email. But I did learn if you hover your mouse over the button, the url entered will pop up below and you can investigate the link. Normally, I’d just look at the email address who sent it, but this adds another feature to help.
If you’re a military family, make sure you do your due diligence so you can protect yourself online. Check out some of the links highlighted in this piece above. You can also follow the Facebook group: OPSEC for families.
***
The author of the article has written this piece anonymously for OPSEC purposes