FSO PROS Snippet Category: Cybersecurity

Monthly Newsletter

AI Driven Social Engineering: The New Threat Targeting Federal Contractors

Artificial intelligence driven social engineering is no longer a theoretical concern. It is already being used by adversaries to target federal contractors because of the sensitive information, predictable workflows, and publicly visible roles common in this environment. It is important to understand why this threat deserves your attention and how it affects every cleared and uncleared individual.

AI has made social engineering attacks faster, more convincing, and harder to detect. Federal contractors are now prime targets because adversaries can use AI to mimic coworkers, generate realistic emails, and scrape public data to craft highly personalized attacks.

Bottom line: If you work within the federal government space, whether working directly on a government contract or supporting a federal contractor organization, you are a target…regardless of your role, clearance level, or seniority.

How AI Changes the Threat Landscape

AI tools give attackers new capabilities that make their messages and requests appear legitimate. This section outlines the specific ways AI enhances an attacker’s ability to deceive you and why traditional red flags are becoming harder to spot.

  • AI crafted phishing creates messages that look authentic, match your writing style, and reference real project details.
  • Voice cloning allows attackers to imitate a PM, COR, or FSO with only seconds of audio.
  • Automated reconnaissance lets AI tools scan LinkedIn, company sites, and conference lists to map who works on what.
  • Fake documents and memos can include realistic DD254s, onboarding forms, or urgent tasking requests.

These attacks are designed to look normal. That is what makes them dangerous.

Common AI Driven Attack Scenarios

AI powered attacks often appear as routine work requests. Here are a few short, realistic examples of how these attacks show up in daily operations, so you can recognize them quickly and respond safely.

“I Need This Now”

You receive an email, or a call using a cloned voice, from someone you supposedly know, often someone in a position of authority. They ask you to pay an invoice, buy something for them urgently, provide business or contract information, supply their “forgotten” login credentials, or send a CUI package to a personal email because a portal is down.

“New Subcontractor Access Request”

A realistic looking onboarding form asks you to grant SharePoint access to a supposed teaming partner.

“Conference Logistics Update”

Before a defense conference, you receive a message asking for passport scans or travel details.

“Security Compliance Reminder”

A fake memo claims to be from your FSO and asks you to follow a new link and complete a training.

These are just a few examples, but you can see how each scenario attempts to exploit trust, urgency, and familiar workflows.

How to Protect Yourself, Your Organization, and Your Program

Even as AI attacks become more sophisticated, the most effective defenses remain simple and consistent. This section focuses on practical steps that anyone can apply immediately, regardless of technical background or job role.

Verify Every Request: Use known contact methods, not the ones provided in the message. Check that the email address or phone number is the one you know to be legitimate for the individual. Verify with the person directly, if you are unsure. If something feels off, it probably is.

Slow Down When You See Urgency: Attacks often rely on pressure. Pause. Confirm. Then act.

Protect Your Online Footprint: Limit what you post about. Attackers will use any data they can find to personalize their approach. You should always avoid posting:

  • Program information, including program names
  • Travel
  • Job duties
  • Clearances

Follow CUI Handling Rules Without Exception: No alternate channels. No quick sends. No personal email. Ever.

Report Suspicious Activity Immediately: Your FSO would rather investigate a false alarm than a real compromise. Always use your organization’s reporting channel or contact your security office directly.

Good security comes from consistent habits. Adopt a “Verify First” mindset. Before sending information, granting access, or clicking a link, confirm the request through a trusted channel.

What to Report and How to Report It

Social engineering attacks succeed when suspicious activity goes unreported. Early reporting allows your security team to stop an incident before it spreads, protect sensitive information, and identify patterns that may indicate a larger targeting effort.

 

Report any activity that feels unusual, unexpected, or inconsistent with normal procedures. This includes:

  • Suspicious emails or messages, such as unexpected requests for data, access, or login information.
  • Unusual phone calls, including urgent requests, unfamiliar numbers, or voices that do not sound quite right.
  • Unexpected document requests, especially those involving CUI, PII, or program details.
  • Strange online contact, such as unknown individuals asking about your job, travel, or project.
  • Any suspected impersonation, whether by email, phone, or social media.

If you are unsure whether something is reportable, treat it as reportable.

Follow your organization’s established reporting process. In most contractor environments, this includes:

  • Contacting your FSO or security office using a known phone number or email.
  • Submitting an internal security incident report through your organization’s reporting system.
  • Providing copies or screenshots of suspicious messages when possible.
  • Reporting immediately even if you already deleted the message or declined the request.

Your FSO would always rather review a false alarm than miss a real threat.

Resources and Additional Learning

As always, if you have any questions…ask your FSO! Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, we are here to help you navigate all things security and ensure you fulfill all security requirements.

Reporting Requirements

Understanding your responsibilities under Security Executive Agent Directive 3 (SEAD 3) and 32 CFR Part 117 (NISPOM Rule)

Organizations that perform work on U.S. Government classified contracts must comply with strict reporting requirements under Security Executive Agent Directive 3 and the 32 CFR Part 117 (NISPOM Rule). These requirements apply not only to cleared facilities, but also to Covered Individuals working within those organizations.

Reporting concerns, incidents, or suspicious behaviors helps protect national security and ensures organizations maintain their ability to perform classified work.

Why Reporting Matters
Security reporting is one of the most important responsibilities of anyone working in a federal contractor environment. Timely reporting:

  • Helps identify and mitigate potential threats to national security
  • Helps safeguard an organization’s ability to perform classified work
  • Supports counterintelligence efforts
  • Protects sensitive government information

Key reassurances:

  • Self-reporting concerns about your own situation shows honesty, reliability, and integrity.
  • Reporting does not automatically mean someone has done something wrong or will get in trouble.
  • Following reporting requirements is not tattling — it is a professional responsibility.
  • Reporting allows security professionals to review a situation, provide guidance, and resolve potential issues before they become larger problems.

Who Must Report
Reporting is everyone’s responsibility. Anyone working for or with a cleared contractor facility should report security concerns, incidents, or suspicious behavior to their Facility Security Officer.

Covered Individuals also have specific requirements to self-report certain information about themselves.

A Covered Individual is anyone who:

  • Holds a security clearance
  • Is in the process of obtaining a clearance
  • Occupies a Sensitive Position
  • Occupies a position where reporting requirements have been applied by any U.S. government agency or customer

Sensitive positions include roles where an individual could potentially impact national security, even if they do not have access to classified information.

If you work for or with a cleared contractor facility, you likely have reporting responsibilities—even if you do not hold a security clearance.

What Must Be Reported
While it is not possible to list every reportable situation, the categories below highlight the most common reporting requirements.

All personnel should report concerns related to:

  • Espionage, sabotage, terrorism, or subversive activities
  • Security incidents or violations
  • Suspicious contacts or information collection attempts
  • Adverse information (criminal activity, financial issues, substance misuse)
  • Insider threat indicators
  • Foreign travel
  • Foreign contacts
  • Foreign influence
  • Foreign financial or business interests
  • Personal status changes
  • Cyber intrusions, incidents, or suspicious online activity

Espionage, Sabotage, Terrorism, Subversive Activities – All personnel must report to the FSO immediately:

  • Any circumstance of actual, probable, or possible espionage, sabotage, terrorism, or subversive activities directed at the United States.

Security Incidents – All personnel must report to the FSO immediately:

  • Any known or suspected security incident, violation, infraction, or vulnerability—regardless of who may be responsible.
    • Spillage, loss, compromise, or suspected loss or compromise of classified material
    • Physical or technical security vulnerabilities
    • Failure to follow proper security procedures

Suspicious Contact – All personnel must report to the FSO immediately:

  • Any contact with known or suspected intelligence officers from any country
  • Any attempt by any individual, regardless of nationality, to:
    • Obtain illegal or unauthorized access to classified or sensitive information
    • Exploit or compromise any personnel
    • Establish unusual relationships

Adverse Information – All personnel must report to the FSO immediately:

  • Any information or activities that could adversely reflect on the integrity, trustworthiness, reliability, or character of an individual or that suggests a person’s access to USG information may not be in the interest of national security. Some examples include:
    • Criminal conduct or arrests
    • Financial difficulties or unexplained affluence
    • Substance abuse/misuse
    • Significant personal conduct issues
    • Behavior indicating poor judgment or unreliability
    • Actions that could make a person vulnerable to exploitation or coercion

Insider Threat Indicators – All personnel must report to the FSO immediately:

  • Any information or behavior that may indicate any other person may be a potential insider threat risk. NOTE: Insider Threat indicators are broad. Your company should have an Insider Threat Plan (ITP) that covers this in depth and should have provided you with insider threat awareness training. If you have not taken Insider Threat Awareness training or you do not have access to your company’s ITP, notify your FSO ASAP.

Foreign Travel

  • Covered individuals must report to the FSO, 30 days prior to departure:
    • All foreign travel, both personal and professional.
  • All personnel must report:
    • Travel to high-threat locations
    • Travel inconsistent with financial resources or official duties
    • Short trips that are inconsistent with logical vacation travel and are not part of official duties

Foreign Contacts and Influence – Covered individuals must report to the FSO immediately:

  • Close and continuing contact with any foreign national
    • This includes all relatives/family members, friends, acquaintances, romantic relationships, business relationships, etc., whether by phone, mail, e-mail, internet, social media, or in person
  • Contact with anyone associated with any foreign person or foreign entity (Foreign entity includes: foreign-owned organizations, businesses, or governments including a foreign embassy.)
  • Financial obligations to any foreign person or entity
  • Any attempts to solicit a person to act as a representative of any foreign entity

Foreign Financial or Business Interests – Covered personnel must report to the FSO immediately:

  • Foreign investments
  • Foreign bank accounts
  • Foreign real estate purchases
  • Investments in any foreign entity, stocks, or person
  • Employment or consulting engagements with any foreign entity or person
  • Ownership of foreign state-backed, hosted, or managed cryptocurrency
  • Ownership of cryptocurrency wallets hosted by foreign exchanges

Personal Status Changes – Covered personnel must report to the FSO immediately:

  • Name changes (for any reason) and aliases
  • Change in marital status (Marriage, Separation, or Divorce)
  • Change in cohabitation status (New or ended cohabitation)
  • Engagement to a foreign national
  • New immediate relatives
  • Change in citizenship, including obtaining dual citizenship or citizenship by naturalization
  • Change in employment status or any change in requirements for access to classified

Cyber Intrusions and Incidents – All personnel must report to the FSO immediately:

  • Any actual, possible, or potential penetration of information systems or use of technology to target or exploit covered entities and individuals. Some examples include:
    • Phishing attempts
    • Suspicious network activity
    • Unauthorized credential use
    • Cyber intrusions
    • Spillage
    • Online attempts to target or recruit personnel through elicitation, solicitation and marketing of services, or direct requests for information

Note – RAP Back Enrollment: Individuals who undergo fingerprinting for a national security clearance are enrolled in the FBI’s Record of Arrest and Prosecution (RAP) Back Program. This program supports continuous vetting under the Trusted Workforce 2.0 framework by notifying U.S. Government agencies when updates to an individual’s criminal history appear in FBI records.

Even with continuous vetting, Covered Individuals are still required to self-report in accordance with SEAD 3.

Self-reporting concerns before they are identified through automated checks often allows issues to be addressed before they become more serious or impact an individual’s clearance eligibility. Self-reporting is often viewed as a positive indicator of honesty, reliability, and integrity during the adjudicative process.

How to Report
If you see something concerning, learn information that may be reportable, or experience a reportable situation yourself–report it to your Facility Security Officer.

If internal reporting is not possible, certain issues may also be reported to the DoD OIG Hotline. The hotline allows individuals to report: Fraud, Waste, Abuse, Whistleblower reprisal, Bribery, Contract or procurement fraud, Conflicts of interest, and certain other types of information. You can learn more about the DoD Hotline here: https://www.dodig.mil/Hotline

Using the DoD Hotline does not relieve you of your reporting obligations under SEAD 3, 32 CFR Part 117, and contractual requirements. Covered Individuals must still report required information to their Facility Security Officer.

When in doubt–report the concern to your Facility Security Officer.

Resources and Additional Learning

  • Reporting Requirements at a Glance
  • DCSA Self-Reporting
  • NISP Reporting Requirements
  • SEAD 3 – Reporting
  • SEAD 3 ISL2021-02
  • SEAD 3 Short
  • Adjudications – The Whole Person Concept
  • Reporting the Threat
  • Reporting Requirements Crossword
  • Reporting Requirements Word Search
  • Security Awareness Games
  • 32 CFR Part 117 (NISPOM Rule)
  • 32 CFR Part 147 (Adjudicative Guidelines)

