The Defense Counterintelligence and Security Agency announced this week that a new sophisticated phishing attack is making the rounds, with malicious actors likely targeting the news around the Jack Teixeira case and the push for better data security following the high profile leak.
The phishing email suggests security clearance applicants are being asked to participate in new security training and will need to self report an addendum to the SF-86. The attack is sophisticated not just due to the look of the email, but because it’s trading on current events and mirrors several hot topic terms related to the security clearance process, including intelligence leaks, self-reporting, and changes to the SF-86.
Security clearance holders and applicants are cautioned to not open the email or particularly to not click any links in the email.
It’s a good reminder – and a good time for security officers to reach out and remind any employees that it’s okay to verify any additional information that may need to be provided or policy updates. DCSA.mil remains a worthwhile resource to peruse for policy updates. In addition to checking the email, be sure to check and verify any information through your security officer, IT department, or another verified source within your company.
Email Example:
ALCON,
Due to a number of high profile spillages and intelligence leaks, all federal and DoD Contract employees are required to view the “DoD Reporting and You” powerpoint training and respond to a six question self-report addendum to their SF-86.
If your response is “yes” to any of the addendum questions, you will need to fill out a SF86_F form for each affirmative answer.
The training and addendum questionnaire can be found here: SF-86 Addendum (this is where the malicious link generally is)
