An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

News | Oct. 24, 2023

CSAM 2023 Week 3: Recognizing and Reporting Phishing

DCMA Information Technology

The Defense Contract Management Agency’s Information Technology Cybersecurity team champions Cybersecurity Awareness Month, or CSAM, to ensure good cyber habits. Phishing attacks have become an increasingly common problem for organizations of all sizes and can be very difficult to spot. It’s important every individual stop and think before clicking on a link or opening an attachment and know how to spot red flags. Cybersecurity Awareness Month 2023 guidance provides the tools needed to recognize and report phishing it to their organization or email provider.

Week Three focuses on the importance of recognizing and reporting phishing.

DCMA Cybersecurity Tips and Advice

Phishing occurs when criminals try to get you to open harmful links or attachments that could steal personal information or infect devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get you to respond. The good news is you can avoid the phish hook and keep accounts secure!

1. Recognize - Look for these common signs:

  • Urgent or alarming language
  • Requests to send personal and financial information
  • Poor writing, misspellings, or unusual language
  • Incorrect email addresses, domain names, or links to known retailers or organizations

2. Report - If you suspect phishing, report the phish to protect yourself and others.

  • If you receive a suspicious email, spam or phishing attempt to your work email address, do not click on any links or open any attachments.
  • Report the email to the DCMAIT Cybersecurity Team by following the instructions outlined within KB Article KB-0000232 – “DoD365 (Outlook) – Unsolicited Email/SPAM Handling” (employee login required).
  • For personal email accounts, you may be able to report spam or phishing to your email provider by right-clicking on the message.

3. Delete - Delete the message. the most important action you can take is DO NOT CLICK ON ANY LINKS OR OPEN ANY ATTACHMENTS. This includes any “unsubscribe” link. Just delete.

4. Protect – Use the following to protect yourself and the DCMA network:

  • Enable Multi-Factor Authentication (MFA) to help protect against the attacker obtaining your credentials (such as passwords)
  • Use and update antivirus and anti-malware software
  • Ensure Software and applications are up to date
  • Web filters

What if I click on a link or open an attachment?

If you have clicked on a link and/or opened an attachment to a suspicious email from your work DCMA-issued computer, tablet or phone, contact the DCMA Service Center as quickly as possible via phone (1-888-576-3262), email, or by visiting the Service Catalog Portal online at

Additional Facts and Figures

  • 90% of successful cyber attacks start with phishing (Cloudflare)
  • 60% of the top phishing threat categories observed by Cloudflare were a deceptive link and domain age fraud. 
    • Deceptive link – attackers can make a URL appear as if it links to a benign site when, in fact, it is malicious.
    • Domain age fraud – attackers registering a new domain (such as, and immediately using it send out numerous emails.

For more information about phishing and other cybersecurity topics, visit the Cybersecurity and Infrastructure Security Agency website or the Cybersecurity Awareness Month webpage on DCMA 365 (employee login required).