An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

News | Oct. 20, 2022

CSAM Week 3: Recognizing, reporting phishing

By By DCMA Information Technology

The Defense Contract Management Agency’s Information Technology Cybersecurity team champions Cybersecurity Awareness Month, or CSAM, to ensure good cyber habits. With the holiday online purchasing season approaching, October is the ideal time for personnel to learn about their cyber presence and the role cybersecurity plays in keeping DCMA, its customers and the warfighter secure.

Week three focuses on phishing attempts.

What is phishing?

Phishing and spam are different but equally dangerous. Spam, often referred to as junk email, is unsolicited, commercial advertising that is sent in bulk emails. Phishing occurs when criminals use fake emails to lure users into clicking on links to hand over personal information or install malware on devices. It’s easy to avoid a phishing emails when you know the indicators.

Indicators of a phish.

When criminals go phishing, the signs can be subtle. Here are some tips to clearly spot a phishing scam email:

  • It contains an offer that is too good to be true.
  • It contains language that is urgent, alarming or threatening.
  • It is poorly crafted and written with misspellings and bad grammar.
  • It contains ambiguous or very generic greetings.
  • It has requests to send personal information.
  • It has urgent language to click on unfamiliar hyperlinks or attachments.
  • It contains strange or abrupt business requests.
  • The sending email address doesn’t match the company from which it is coming.
  • It comes from an unusual or unexpected source or at unexpected time.

You have received a phishing email. What do you do?

If you receive a suspicious email, spam or phishing attempt to your work email address, do not click on any links or open any attachments. Report the email to the DCMAIT Cybersecurity Team by following the instructions outlined within KB Article KB-0000232 – “DoD365 (Outlook) - Unsolicited Email/SPAM Handling” (login required).

If the email comes to a personal email address, do not reply or click on any links — not even the unsubscribe link. Just delete it. You can take protection a step further and block the sending address and report the phishing attempt to your email service.

For more information about phishing or other cybersecurity topics, visit the agency’s Cybersecurity Awareness Month 365 page (login required).