QUANTICO, Virginia –
The Defense Counterintelligence and Security Agency has been made aware of a sophisticated malicious phishing email circulating that references the collection of an “SF-86_F” or an SF-86 (an example of the email is below).
Please do not engage with this email and advise your staff not to engage with it; you should report it to your security office or cyber security team and delete it immediately if received.
This email is NOT coming from DCSA, or any other vetting or Personnel Security entity in the U.S. Government or Department of Defense. IT professionals have confirmed that the email is malicious in nature.
In some cases, the link is associated with an individual who is listed in the DOD phone directory and in a few cases, that individual has turned out to be an actual security manager.
This email has a fairly high ability to potentially trick individuals because they may not know that an SF-86F does not exist, and because the site that it leads to as well as the email look legitimate enough to get people to act, especially with the quick suspense date in the subject line.
Email example:
ALCON,
Due to a number of high profile spillages and intelligence leaks, all federal and DoD Contract employees are required to view the "DoD Reporting and You" powerpoint training and respond to a six question self-report addendum to their SF-86.
If your response is "yes" to any of the addendum questions, you will need to fill out a SF86_F form for each affirmative answer.
The training and addendum questionnaire can be found here: SF-86 Addendum (this is where the malicious link generally is)