QUANTICO, Va. (AFNS) —
When a social media message pops up offering a high-paying consulting job from an unknown recruiter, it’s easy to be intrigued.
But before you accept this too-good-to-be-true offer, think twice.
For many current and former members of the Department of the Air Force, and increasingly, across the entire U.S. government workforce, this is the first step in a recruitment scheme by foreign intelligence entities, officials warn.
“Our adversaries are exploiting personal freedoms and online platforms to target our people,” said a counterintelligence analyst assigned to the AFOSI Center. “These aren’t random messages. They’re calculated attempts to exploit trust.”
The analyst could not be named for operational reasons. However, their concern was echoed at the highest levels of the agency.
“These aren’t just job offers, they’re intelligence operations in disguise,” said Special Agent Lee Russ, executive director of AFOSI Office of Special Projects. “Our adversaries are targeting the very people who’ve kept this nation secure.”
According to an April 2025 memo from the National Counterintelligence and Security Center, hostile foreign intelligence entities have targeted U.S. government personnel by posing as consulting firms, headhunters and think tanks.
“This isn’t a new tactic, it’s just become more aggressive and more refined,” the analyst said. “Adversaries have figured out how to blend into legitimate spaces online.”
According to the NCSC release, which operates under the Office of the Director of National Intelligence, these schemes are part of a broader campaign to collect sensitive information from individuals with U.S. government backgrounds, often under the guise of employment opportunities.
“Recruiters often appear friendly and credible, offering flattery and emphasizing your government experience,” Russ said. “They may pose as representatives of legitimate, even allied-nation companies, making their approach seem trustworthy.”
These outreach efforts often begin with what appears to be a professional opportunity, like a message from a recruiter or a inquiry that aligns with the target’s background, the analyst said.
That sense of normalcy is what lowers defenses and allows the interaction to progress unnoticed.
“The sophistication is what makes it dangerous,” the analyst said. “Adversaries are using professional norms and targeting people who’ve let their guard down because the interaction seems normal.”
These increasingly advanced attempts often appear via social media, email, or job platforms, making them difficult to detect.
“Foreign actors reach out to service members privately, which means there’s no institutional oversight,” the analyst added. “What someone does on their personal account doesn’t necessarily have the same safeguards as an official one, and adversaries are taking advantage of that.”
Over time, those conversations can shift subtly from general networking to probing questions. Then, what started as a casual dialogue quietly shifts into something more serious.
“These schemes have evolved into long-term social engineering campaigns designed to appear professional and legitimate,” Russ said.
What makes these campaigns particularly effective, officials say, is how gradually they unfold.
“In many cases, targets are asked to provide commentary on general policy issues or draft seemingly harmless reports, usually in exchange for generous compensation and flexible remote work,” Russ said. “But over time, these requests escalate, which helps foreign adversaries refine their military tactics and strategic operations.”
The shift is rarely abrupt. Instead, foreign actors rely on building a sense of trust, normalizing the exchange of information before introducing more sensitive requests.
“They’re not going to ask for secrets right away,” the analyst said. “They build credibility first, then slowly shift the conversation. By the time it feels suspicious, a relationship has already been established and that’s exactly what they’re counting on.”
Several red flags can signal malicious intent behind a job offer, he added. These include unusually high pay for minimal work, pressure to move conversations off trusted platforms like LinkedIn, and use of encrypted messaging apps.
“Urgency tactics, such as limited-time offers, exclusive opportunities or unusually fast hiring and payment cycles, are all designed to bypass due diligence and rush targets into compromising decisions,” Russ said. “In some cases, individuals are promised immediate payment upon task completion to encourage quick participation without proper vetting.”
In many cases, recruiters will push for increasingly detailed and potentially restricted information, often under the pretense that it is needed for strategic insights or market research.
“The reality is, if you’ve ever had access to sensitive material, classified or not, you’re a potential target,” the analyst said. “Foreign adversaries are not just chasing secrets; they’re after any information that could give them a strategic edge.”
These hostile adversaries aren’t limiting their outreach to active military or intelligence personnel, either. Everyone from uniformed service members and reservists to civilian employees, contractors and retirees are within scope, the analyst said.
Engaging with these recruitment attempts can carry serious consequences. U.S. security clearance holders are legally bound to protect classified information, even after leaving government service.
“One of the problems we have is people just ignore the messages and forget about it,” the analyst said. “But even if you ignored it, that interaction can still help us. We’re not looking to punish someone for being contacted, we want to understand the tactics being used so we can protect the rest of the force.”
“If you believe you’ve been targeted, or know someone who has, report it,” Russ said. “Whether you’re still in uniform or long since retired, stay sharp. In today’s fight, vigilance online can be just as vital as readiness on the battlefield.”
As the analyst explained, as adversaries exploit the freedoms of digital platforms to target individuals, the lines between counterintelligence and force protection are increasingly blur.
“We’re not going to investigate our way out of this,” the analyst said. “The scope is too broad, and it crosses too deeply into personal privacy. The most powerful weapon we have is self-reporting. When people flag suspicious outreach early, it gives us a fighting chance.”
By Thomas Brading, AFOSI Public Affairs
Releasing agency note:
That is why early reporting, no matter how minor, can play a critical role in preventing adversary access. For example, programs like Eagle Eyes have supported this effort by encouraging both military personnel and civilians to report any suspicious behavior.
For more information on Eagle Eyes or to find your local AFOSI detachment, submit a tip directly with AFOSI at www.osi.af.mil/Contact-Us or the FBI at tips.fbi.gov.
Additional resources are available from the National Counterintelligence and Security Center at www.ncsc.gov, the Defense Counterintelligence and Security Agency at www.dcsa.mil, and the FBI at www.fbi.gov.
You can skip to the end and leave a response. Pinging is currently not allowed.
Read the full article here
