FSO PROS Snippet Category: General Security Awareness

Monthly Newsletter

AI Driven Social Engineering: The New Threat Targeting Federal Contractors

June 15, 2026

Artificial intelligence driven social engineering is no longer a theoretical concern. It is already being used by adversaries to target federal contractors because of the sensitive information, predictable workflows, and publicly visible roles common in this environment. It is important to understand why this threat deserves your attention and how it affects every cleared and uncleared individual.

AI has made social engineering attacks faster, more convincing, and harder to detect. Federal contractors are now prime targets because adversaries can use AI to mimic coworkers, generate realistic emails, and scrape public data to craft highly personalized attacks.

Bottom line: If you work within the federal government space, whether working directly on a government contract or supporting a federal contractor organization, you are a target…regardless of your role, clearance level, or seniority.

How AI Changes the Threat Landscape

AI tools give attackers new capabilities that make their messages and requests appear legitimate. This section outlines the specific ways AI enhances an attacker’s ability to deceive you and why traditional red flags are becoming harder to spot.

  • AI crafted phishing creates messages that look authentic, match your writing style, and reference real project details.
  • Voice cloning allows attackers to imitate a PM, COR, or FSO with only seconds of audio.
  • Automated reconnaissance lets AI tools scan LinkedIn, company sites, and conference lists to map who works on what.
  • Fake documents and memos can include realistic DD254s, onboarding forms, or urgent tasking requests.

These attacks are designed to look normal. That is what makes them dangerous.

Common AI Driven Attack Scenarios

AI powered attacks often appear as routine work requests. Here are a few short, realistic examples of how these attacks show up in daily operations, so you can recognize them quickly and respond safely.

“I Need This Now”

You receive an email or call with a cloned voice from someone you supposedly know, often someone in a position of authority, asking you to pay an invoice, buy something for them urgently, provide business or contract information, asking for their “forgotten” login credentials, or send a CUI package to a personal email because a portal is down.

 “New Subcontractor Access Request”

A realistic looking onboarding form asks you to grant SharePoint access to a supposed teaming partner.

“Conference Logistics Update”

Before a defense conference, you receive a message asking for passport scans or travel details.

“Security Compliance Reminder”

A fake memo claims to be from your FSO and asks you to go to this new link and complete a training.

These are just a few examples but, you can see how in each scenario they are attempting to exploit trust, urgency, and familiar workflows.

How to Protect Yourself, Your Organization, and Your Program

Even as AI attacks become more sophisticated, the most effective defenses remain simple and consistent. This section focuses on practical steps that anyone can apply immediately, regardless of technical background or job role.

Verify Every Request: Use known contact methods, not the ones provided in the message. Check that the email address or phone number is the one you know to be legitimate for the individual. Verify with the person directly, if you are unsure. If something feels off, it probably is.

Slow Down When You See Urgency: Attacks often rely on pressure. Pause. Confirm. Then act.

Protect Your Online Footprint: Limit what you post about. Attackers will use any data they can find to personalize their approach. You should always avoid posting:

  • Program information, including program names
  • Travel
  • Job duties
  • Clearances

Follow CUI Handling Rules Without Exception: No alternate channels. No quick sends. No personal email. Ever.

Report Suspicious Activity Immediately: Your FSO would rather investigate a false alarm than a real compromise. Always use your organization’s reporting channel or contact your security office directly.

Good security comes from consistent habits. Adopt a “Verify First” mindset. Before sending information, granting access, or clicking a link, confirm the request through a trusted channel.

What to Report and How to Report It

Social engineering attacks succeed when suspicious activity goes unreported. Early reporting allows your security team to stop an incident before it spreads, protect sensitive information, and identify patterns that may indicate a larger targeting effort.

 

Report any activity that feels unusual, unexpected, or inconsistent with normal procedures. This includes:

  • Suspicious emails or messages such as unexpected requests for data, access, or login information.
  • Unusual phone calls including urgent requests, unfamiliar numbers, or voices that do not sound quite right.
  • Unexpected document requests especially those involving CUI, PII, or program details.
  • Strange online contact such as unknown individuals asking about your job, travel, or project.
  • Any suspected impersonation whether by email, phone, or social media.

If you are unsure whether something is reportable, treat it as reportable.

Follow your organization’s established reporting process. In most contractor environments, this includes:

  • Contacting your FSO or security office using a known phone number or email.
  • Submitting an internal security incident report through your organization’s reporting system.
  • Providing copies or screenshots of suspicious messages when possible.
  • Reporting immediately even if you already deleted the message or declined the request.

Your FSO would always rather review a false alarm than miss a real threat.

Resources and Additional Learning

As always, if you have any questions…ask your FSO! Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, we are here to help you navigate all things security and ensure you fulfill all security requirements.

Mental Health & Security Clearances

May 15, 2026

Mental health is a critical component of readiness, resilience, and long‑term performance in the federal contracting workforce. Yet one of the most persistent misconceptions is the belief that seeking mental health care jeopardizes a security clearance.

In reality, the modern personnel clearance vetting system recognizes that responsible self‑care strengthens national security, and untreated issues — not treatment — are what raise concerns. In this month’s newsletter, we’ll break down some facts, dispel a few myths, and provide clear guidance on what to report and how to stay compliant.

Understanding Mental Health Factors in Security

The security clearance system evaluates mental health through the lens of judgment, reliability, and trustworthiness. It does not penalize individuals for seeking help. Adjudicators look for signs of stability, insight, and responsible behavior — all of which are demonstrated when someone proactively manages their mental health.

Mental health considerations are evaluated under the national adjudicative guidelines using the “whole-person” concept.

Key points:

  • Treatment is considered a positive indicator of responsibility.
  • Untreated or concealed issues are more concerning than diagnosed, managed conditions.
  • The whole‑person concept means no single factor determines eligibility.

What the Data Shows

Despite official guidance, many contractor personnel still fear that therapy or counseling could threaten their clearance. The data tells a different story.

Psychological conditions alone account for relatively few security clearance denials or revocations.

Cases that do raise concerns typically involve untreated conditions, impaired judgment, lack of compliance with treatment recommendations, failure to comply with reporting requirements, or efforts to conceal relevant issues — not participation in treatment itself.

The system is designed to encourage treatment, not discourage it. This misunderstanding can lead to avoidance of care, which increases stress and decreases mission readiness.

How Adjudicators Evaluate Mental Health Considerations

When mental health information is relevant, adjudicators focus on:

  • Stability over time
  • Consistency in treatment
  • Professional recommendations
  • Impact on daily functioning
  • Demonstrated reliability in work and personal life

Adjudicators focus on whether a condition affects judgment, reliability, or trustworthiness. Proactive treatment and demonstrated stability are generally viewed positively.

Self-Reporting Mental Health Considerations

During completion of the personnel vetting questionnaire and under ongoing personnel security reporting requirements, cleared and covered individuals may be required to report certain mental-health-related situations.

Cleared and covered individuals are required to self-report specific mental‑health‑related situations:

  • Court‑ordered mental health evaluations or treatment
  • Inpatient hospitalizations (voluntary or involuntary)
  • Mental health conditions or behaviors that substantially impair judgment, reliability, or trustworthiness
  • Conditions that substantially affect your ability to function safely or responsibly

You are NOT required to report:

  • Routine outpatient counseling for stress management, grief support, or relationship issues
  • Employee Assistance Program (EAP) sessions

Reporting Mental Health Concerns About Others

In high‑trust environments like the federal contracting workforce, everyone plays a role in safeguarding national security. While individuals are responsible for managing and reporting their own mental health information, there are situations where you may observe behaviors in others that raise legitimate concerns about judgment, reliability, or ability to safeguard information.

This is not about diagnosing someone — it’s about recognizing when a colleague’s behavior may indicate a security concern, whether mental‑health‑related or not.

When Should You Report a Concern?

You should report a concern when you observe behaviors that could reasonably indicate a risk to:

  • Judgment
  • Reliability
  • Emotional stability
  • Safety
  • Ability to protect classified information

Examples include:

  • Sudden or extreme changes in behavior or mood
  • Statements indicating hopelessness, self‑harm, or harm to others
  • Severe emotional distress that interferes with work
  • Erratic or unpredictable behavior in secure environments
  • Substance misuse that affects functioning

These behaviors are security‑relevant regardless of whether they stem from mental health, stress, personal issues, or other causes.

What You Should NOT Do

  • Do not attempt to diagnose the person
  • Do not confront them aggressively or speculate about their condition
  • Do not share your concerns widely with coworkers
  • Your role is to observe and report, not to investigate or intervene clinically.

Why Reporting Matters and How to Report Concerns

Reporting concerns is intended to protect both personnel and national security. Early reporting can help individuals access support, prevent escalation, and reduce risk to the mission. Many issues can be resolved through assistance, counseling, or temporary adjustments.

The goal is to encourage personnel to seek support early, use available resources, and remain compliant with applicable reporting requirements. DCSA emphasizes that the intent is to support personnel, not penalize them.

Reporting is not punitive — it is protective. Early reporting allows:

  • Supportive intervention
  • Access to resources
  • Prevention of escalation
  • Protection of the individual and the mission

Reporting requirements can vary by agency, contract, and employer policy. When in doubt, consult your organization’s Facility Security Officer (FSO). They can get the information into the right hands for evaluation and are trained to protect privacy and support any further action that may be needed.

Mental health concerns or behaviors, about yourself or someone else, should be reported to your FSO. They can evaluate the situation, protect privacy, and determine whether further action is needed.

If there is an immediate safety concern, contact emergency services.

 

Resources and Additional Learning

 

As always, if you have any questions…consult your FSO! Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, we are here to help you navigate reporting obligations, compliance requirements, and personnel security processes.

Foreign Travel Reporting Requirements

April 17, 2026

Traveling outside the United States can expose U.S. citizens to increased risks, including potential targeting—even in low-risk destinations. Taking appropriate precautions is essential to maintaining safety and awareness.

In accordance with Security Executive Agent Directive 3 (SEAD 3), certain personnel—referred to as “covered individuals”—are required to comply with foreign travel reporting requirements, designed to protect personnel, organizations, and national security interests.

All foreign travel by covered individuals is subject to pre- and post-travel reporting requirements, regardless of whether the travel is personal, business related, government contract related, or for any other reason.

Who Foreign Travel Reporting Applies To

“Covered individuals” are required to report foreign travel.

Covered individuals include personnel designated by their agency or organization who, due to their role, access, or affiliation, are subject to foreign travel reporting requirements under SEAD 3. This may include, but is not limited to, individuals with access to classified information, sensitive information, systems, or facilities.

Employees, consultants, and contractors supporting organizations that perform work for the U.S. Government may be designated as covered individuals and therefore subject to foreign travel briefing and reporting requirements.

If you are unsure if you are considered a covered individual, it is your responsibility to contact your Facility Security Officer (FSO) for clarification.

Before You Travel: Pre-Travel Briefing & Reporting

Covered individuals are required to report any planned foreign travel in advance of departure.

Whenever possible, you should notify your FSO at least 30 days in advance. This allows sufficient time for your security team to assess potential risks, provide country-specific guidance, and coordinate any required briefings prior to travel.

What must be reported:

All travel outside the U.S., including to Canada and Mexico, regardless of purpose.

Required Actions:

  • Notify your Facility Security Officer (FSO) at least 30 days in advance of departure, whenever possible.
  • Complete any required pre-travel briefings.
  • Complete all required pre-travel reporting forms.
  • Submit your travel itinerary through the appropriate channels designated by your organization.
  • Review applicable travel advisories or restricted country lists.
  • Ensure your contact and emergency information is current.
  • Report any changes to your travel itinerary to your FSO as soon as possible.

Additional approvals or briefings may be required depending on destination risk level or duration of travel, particularly for high-threat locations.

Special Circumstances:

  • Border travel (Canada and Mexico): Planned travel must still be reported prior to departure. Unplanned or short notice travel must be reported within five (5) days of return.
  • Overseas assignments: If you are assigned or stationed outside the United States, travel outside your country of assignment must be reported in accordance with these requirements.
  • Transits / layovers: Travel that includes layovers or transit through a foreign country is reportable foreign travel.
  • Cruise travel: Cruises that visit foreign ports are considered reportable foreign travel, regardless of whether you disembark.
  • Extended stays or repeated travel: Each instance of foreign travel must be reported, including repeated or short-duration trips.
  • Dual citizenship / foreign residency ties: Travel to a country of dual citizenship or prior residence remains subject to reporting requirements and must be conducted using a U.S. passport in accordance with applicable requirements.
  • Family or personal visits abroad: Travel to visit family, relatives, or personal contacts in a foreign country is reportable foreign travel.

While Traveling: Stay Alert

While outside the United States, you are expected to maintain a heightened level of awareness.

Key considerations:

  • Do not disclose classified, sensitive, proprietary, or controlled information.
  • Do not bring government-furnished or organization-issued equipment without prior written authorization from the appropriate authority.
  • Limit use of government-issued or work devices unless specifically authorized.
  • Be cautious with all electronic devices. Treat foreign networks and systems as potentially unsecure and assume they may be subject to monitoring or compromise.
  • Be alert to and disengage from suspicious interactions or inquiries. Report any suspicious contacts or incidents as soon as feasible.
  • Comply with all local laws while continuing to meet U.S. security expectations.
  • Report any changes to your travel itinerary to your Facility Security Officer (FSO) as soon as possible.

After You Return: Post-Travel Reporting

Post-travel reporting and debriefing is a critical component of SEAD 3 compliance. Covered individuals are expected to report their return from foreign travel within 72 hours of arrival in the United States.

Timely post-travel reporting is required and is just as important as pre-travel reporting.

You are required to:

  • Complete a foreign travel debrief or report.
  • Confirm return from foreign travel within required reporting timelines.
  • Confirm that no government-furnished, organization/company-furnished, or personal devices, systems, or credentials were compromised during travel or as a result of foreign contact.
  • Submit any required post-travel documentation or reporting forms through the appropriate security channel.

You are required to report any notable or unusual incidents, including (but not limited to):

  • Questioning by foreign officials beyond normal customs or immigration procedures.
  • Attempts to elicit classified, sensitive, or controlled information.
  • Attempts to elicit information under casual, social, or indirect pretexts.
  • Attempts by foreign nationals to establish ongoing contact.
  • Casual conversations that evolve into questions about job, access, or organization details.
  • New relationships (of any nature) with foreign nationals with whom you intend to maintain ongoing contact.
  • Offers of gifts, favors, or incentives.
  • Any interaction that was suspicious, persistent, caused concern, or appeared out of the ordinary.
  • Indicators of surveillance, monitoring, or being followed during travel.
  • Suspicious observation, photography, recording, or documentation of you or your activities.
  • Device anomalies or unexpected device behavior, such as unexplained resets, new apps, signs of tampering, loss of device control, forced login prompts, or unexpected lockouts.
  • Unusual financial interactions or inducements, suspicious payments, reimbursements, or attempts to engage you in financial arrangements.
  • Attempts to coerce, pressure, intimidate, blackmail, or influence behavior or decision-making during or after travel.
  • Any travel disruption or interference that appears intentional or unusual.

Timely and accurate post-travel reporting enables security personnel to assess potential risk indicators and take appropriate mitigation actions.

Why Foreign Travel Briefing and Reporting Matters

Foreign travel can increase the risk of targeting by foreign intelligence services, as well as exposure to foreign intelligence collection, exploitation, or coercion. Reporting requirements under SEAD 3 are intended to reduce these risks and ensure appropriate support if issues arise.

Reporting foreign travel also plays an important role in personal safety. In the event of natural disasters, civil unrest, or other emergencies abroad, having your travel on record allows your organization to quickly account for your location and provide assistance if needed. This enables faster coordination of communication, support, and, when necessary, evacuation.

These requirements are not just procedural—they are designed to safeguard personnel and national security.

Failure to comply with reporting obligations may result in administrative or security-related action and could impact your security clearance or eligibility to perform on government contracts.

If you’re unsure whether your travel needs to be reported, contact your FSO or security team before making plans. Reporting travel in advance ensures the appropriate briefing and reporting requirements can be identified and applied to your specific circumstances.

Staying informed and meeting reporting requirements helps reduce risk and ensures appropriate support is available when it matters most.

Resources and Additional Learning

As always, if you have any questions, ask your FSO. Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, we are here to help you navigate all things security and ensure you fulfill all security requirements.

Categories

Archives

Learn how FSO PROS® can help
support your security program

Let’s discuss how we can help support your security and compliance needs.
Secret Link