Suspicious Contact

Every federal contractor facility has access to U.S. government information, in some form or fashion. As such, every person that works for or with a federal contractor facility has a direct impact on the security of our country and the safety of our people and technology.
 
Due to technological advances, the threat from adversaries looking to do harm to the United States has never been greater. The ease of connecting with people across the globe, and increasingly advanced capabilities to hide or steal someone’s identity, have made it simple for bad actors to contact, and potentially exploit, anyone that could potentially help them obtain information to further their malicious objectives.
 
Our work for the U.S. government, and all information obtained through that work, must be protected from these threats. Every person, at every level of business, plays an important role in that protection as we all have at least one piece of information that would be beneficial to a U.S. adversary.  You may think you don’t know anything that would be helpful but, one seemingly small piece of information could be the missing link that an adversary needs to do harm.
 
As such, we must all be aware of the ways that our adversaries will attempt to exploit us to obtain information. We must know what suspicious contact looks like and how to report it. It is important to consider the possibility of suspicious contact in every professional and personal interaction.
 
What is Suspicious Contact?
Consider this. You are out celebrating your promotion with some colleagues. A nice couple at the bar overhears your celebration, so they come over and engage you in conversation. Initially, they simply congratulate you and ask a few seemingly innocent questions, but their questions turn into deeper inquiries about your company and the work you do. Should you report this interaction to your FSO?
 
Now consider this. You are at a seminar. You strike up a conversation with a fellow attendee, who tells you that they are a college student looking to land an opportunity in your field. They ask a lot of questions about a government project you did work on. You evade the questions and turn the conversation elsewhere, however, after the seminar they begin emailing you, continuing to probe about your work and persistently ask if you can get them onto your latest project. Should you report this interaction to your FSO?
 
Finally, consider this. You are a recruiter considering candidates for a position supporting a government contract that states U.S. citizenship or security clearance is required. You receive a resume from an individual and it is evident that the person does not meet the citizenship requirements. Should you report this to your FSO?
 
In all of these scenarios, the answer is YES. These are all examples of reportable suspicious contact.
 
Suspicious contact is any effort by any individual, regardless of nationality, to obtain illegal or unauthorized access to information or to compromise an individual, as well as all contacts with known or suspected intelligence officers from any country, or any contact which suggests the individual concerned may be the target of an attempted exploitation.
 
Suspicious Contact Tactics
Not all suspicious contact is obvious. While it is possible that a foreign spy will walk up to you and simply ask for sensitive or classified information, elicitation is typically more subtle.
 
Elicitation is the strategic use of conversation to extract information from people, without giving them the sense that they are being interrogated, to facilitate future targeting attempts.
 
Information collectors for foreign intelligence entities (FIE) commonly use elicitation to collect sensitive and/or classified information through what appears to be normal, even mundane, social or professional contact. They attempt to confirm or expand upon their knowledge or gain clearer insight into a person’s placement and access to assess the possibility of exploitation or recruitment. These attempts can come in many forms, from many places, all of which are relevant and must be reported appropriately.
 
Information collectors come from all over the world, even from “friendly” countries. They target a variety of technologies and information, through many operational methods, utilizing a wide range of contact methods. DCSA and DNI both put out a report each year regarding the top threats and mechanisms. According to the DCSA 2024 Report on Targeting U.S. Technologies and the DNI 2025 Annual Threat Assessment, the following are the most prevalent concerns and methods.
 
Top 3 Information Collector Regions are:

• East Asia and the Pacific
• Near East
• Europe and Eurasia

 
Top Targeted Technologies are:

• Software
• Electronics
• Aeronautics Systems
• Manufacturing Equipment & Processes
• Services and Other Products

 
Top Methods of Operation are:

• Resume Submission *Number 1 method*
• RFI/Solicitation
• Exploitation of Business Activities
• Exploitation of Supply Chain
• Exploitation of Experts
• Exploitation of Cyber Operations

 
Top Methods of Contact are:

• Email
• Resumes – Academic & Professional
• Web Form Submissions
• Social Networking Services
• Foreign Visits

 
Information Collectors may be commercial sector affiliated, foreign government affiliated, or individuals of unknown affiliation. Though these reports rate the top methods of contact, it is important to note that suspicious contact occurs through a wide variety of methods and all should be considered.

• Social or Professional Networking
• Resume/CV Submittal (Academic and/or professional)
• In-person contact
• Phone contact
• Email contact
• Phishing operations (Phishing, Spear, cloning, whaling, etc.)
• Web Form Submissions
• Conferences, Conventions, or Tradeshows
• Exploitation of Foreign Travelers
• Foreign Visits
• Mail

 
Recognizing Suspicious Contact and Applying Countermeasures
Suspicious contact can occur by any means where a foreign actor, agent, or recruiter is in direct or indirect
contact with the target. They may even work through known and trusted contacts to do so.
 
Likely indicators of elicitation and suspicious contact include, but may not be limited to:

• Business contact requesting information outside the contract scope, or through an increased or gradual progression of information initiated from legitimately authorized business discussions.
• Hidden/obscured end use/end user data.
• Offer of paid attendance at an overseas conference, keynote or guest speaker invitations.
• A casual acquaintance appears to know more about your work or project than expected.
• A casual contact shows an unusual interest in your work, facility, personnel, or family details.

 
Examples of reportable suspicious Contact include, but may not be limited to:

• Any individual’s efforts, regardless of nationality, to obtain illegal or unauthorized access to sensitive or classified information or to compromise a cleared individual.
• All contacts with known or suspected foreign intelligence services, operators, or information collectors.
• Any contact that suggests foreign intelligence services may be targeting an individual for exploitation.
• Any business contact requesting information outside the scope of an existing contract or agreement.
• Any business or personal contact seeking information about your coworkers or job duties.
• Any business or personal contact requesting you to violate company policy or security procedures.

• Any illegal or unauthorized attempts to access export-controlled information and material.

 
Things you can do to reduce the risk of exploitation:

• If you have any reason to believe that a person has requested restricted information or is attempting to place you in an exploitable situation, report it.
• Know what information you cannot share and be suspicious of those who seek such information.
• Do not share anything the elicitor is not authorized to know, including personal information about yourself, your family, or your coworkers.
• Be aware that outreach may occur via social media.
• Plan tactful ways to deflect probing or intrusive questions.
• Never feel compelled to answer any question that makes you feel uncomfortable.

 
If you believe someone is actively attempting to elicit information from you, you can:

• Change the topic
• Refer them to public websites
• Deflect the question
• Provide a very vague answer
• State that you do not know

 
At the heart of it all is this: No matter where you are, no matter who you are communicating with…Care what you share and report suspicious interactions! Do not take anything for granted when being asked for information. It is always important to be situationally aware when we are discussing work, and we should never assume that someone is simply curious when they are asking questions.
 
 
 
Why Reporting is Critical & How to Report Concerns
You are a target because of where you work, who you work with, and the sensitive or classified information you could potentially have access to. Every individual that works for or with an organization that performs on U.S. Government contracts should be wary of anyone that tries to obtain information that they are not authorized to have. 
 
Elicitation can be subtle. Requests from professional or personal contacts may seem harmless, however, you should report any odd or suspicious conversations to your company’s FSO immediately upon occurrence.
 
It is important to note that it is NOT your job to determine if suspicious communications present a legitimate concern or threat. It IS your responsibility to simply report any suspicious interactions to your FSO. The FSO is in the best position to assess the situation and ensure the information gets to the appropriate government officials for investigation.
 
A good rule of thumb when interacting with others, is this: If you have to say “No” let your Facility Security Officer know.
 
You must report the following to your FSO immediately:

• Any suspicious emails, phone calls, or social interactions.
• Any suspicious interactions
• Any suspicious emails wherein the sender is asking for information about the company, current or projected contracts, your work, etc.
• Any resumes received by foreign nationals wherein the person is applying to a position that requires U.S. citizenship or security clearance.
• Any suspected elicitation attempts while at conferences, conventions, seminars, tradeshows, etc.
• If any person asks you questions that seem strange, a bit too probing, or obviously inappropriate.
• If you ever feel that you, or someone you know, may be a target of elicitation, exploitation, blackmail, coercion, or enticement to obtain sensitive or classified information.

 
Resources and Additional Learning:
DNI 2025 Threat Assessment Report
DCSA 2024 Targeting U.S. Technologies Report
Identifying Suspicious Contact
What to Report – Examples of Suspicious Contact
Suspicious Emails
Reporting Job Aid
Case Study Library
32 CFR Part 117 (NISPOM Rule)
32 CFR Part 147 (Adjudicative Guidelines)
 
 
As always, if you have any questions about whether or not a situation requires reporting, ask your FSO! Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, FSO PROS® is here to help you navigate things to ensure you fulfill all requirements.