SureFire

Archive for the ‘Caveat Emptor’ Category

Foreign Intel Job Scams Target Current, Former DoD Employees

Thursday, April 24th, 2025

QUANTICO, Va. (AFNS) —

When a social media message pops up offering a high-paying consulting job from an unknown recruiter, it’s easy to be intrigued.

But before you accept this too-good-to-be-true offer, think twice.

For many current and former members of the Department of the Air Force, and increasingly, across the entire U.S. government workforce, this is the first step in a recruitment scheme by foreign intelligence entities, officials warn.

“Our adversaries are exploiting personal freedoms and online platforms to target our people,” said a counterintelligence analyst assigned to the AFOSI Center. “These aren’t random messages. They’re calculated attempts to exploit trust.”

The analyst could not be named for operational reasons. However, their concern was echoed at the highest levels of the agency.

“These aren’t just job offers, they’re intelligence operations in disguise,” said Special Agent Lee Russ, executive director of AFOSI Office of Special Projects. “Our adversaries are targeting the very people who’ve kept this nation secure.”

According to an April 2025 memo from the National Counterintelligence and Security Center, hostile foreign intelligence entities have targeted U.S. government personnel by posing as consulting firms, headhunters and think tanks.

“This isn’t a new tactic, it’s just become more aggressive and more refined,” the analyst said. “Adversaries have figured out how to blend into legitimate spaces online.”

According to the NCSC release, which operates under the Office of the Director of National Intelligence, these schemes are part of a broader campaign to collect sensitive information from individuals with U.S. government backgrounds, often under the guise of employment opportunities.

“Recruiters often appear friendly and credible, offering flattery and emphasizing your government experience,” Russ said. “They may pose as representatives of legitimate, even allied-nation companies, making their approach seem trustworthy.”

These outreach efforts often begin with what appears to be a professional opportunity, like a message from a recruiter or a inquiry that aligns with the target’s background, the analyst said.

That sense of normalcy is what lowers defenses and allows the interaction to progress unnoticed.

“The sophistication is what makes it dangerous,” the analyst said. “Adversaries are using professional norms and targeting people who’ve let their guard down because the interaction seems normal.”

These increasingly advanced attempts often appear via social media, email, or job platforms, making them difficult to detect.

“Foreign actors reach out to service members privately, which means there’s no institutional oversight,” the analyst added. “What someone does on their personal account doesn’t necessarily have the same safeguards as an official one, and adversaries are taking advantage of that.”

Over time, those conversations can shift subtly from general networking to probing questions. Then, what started as a casual dialogue quietly shifts into something more serious.

“These schemes have evolved into long-term social engineering campaigns designed to appear professional and legitimate,” Russ said.

What makes these campaigns particularly effective, officials say, is how gradually they unfold.

“In many cases, targets are asked to provide commentary on general policy issues or draft seemingly harmless reports, usually in exchange for generous compensation and flexible remote work,” Russ said. “But over time, these requests escalate, which helps foreign adversaries refine their military tactics and strategic operations.”

The shift is rarely abrupt. Instead, foreign actors rely on building a sense of trust, normalizing the exchange of information before introducing more sensitive requests.

“They’re not going to ask for secrets right away,” the analyst said. “They build credibility first, then slowly shift the conversation. By the time it feels suspicious, a relationship has already been established and that’s exactly what they’re counting on.”

Several red flags can signal malicious intent behind a job offer, he added. These include unusually high pay for minimal work, pressure to move conversations off trusted platforms like LinkedIn, and use of encrypted messaging apps.

“Urgency tactics, such as limited-time offers, exclusive opportunities or unusually fast hiring and payment cycles, are all designed to bypass due diligence and rush targets into compromising decisions,” Russ said. “In some cases, individuals are promised immediate payment upon task completion to encourage quick participation without proper vetting.”

In many cases, recruiters will push for increasingly detailed and potentially restricted information, often under the pretense that it is needed for strategic insights or market research.

“The reality is, if you’ve ever had access to sensitive material, classified or not, you’re a potential target,” the analyst said. “Foreign adversaries are not just chasing secrets; they’re after any information that could give them a strategic edge.”

These hostile adversaries aren’t limiting their outreach to active military or intelligence personnel, either. Everyone from uniformed service members and reservists to civilian employees, contractors and retirees are within scope, the analyst said.

Engaging with these recruitment attempts can carry serious consequences. U.S. security clearance holders are legally bound to protect classified information, even after leaving government service.

“One of the problems we have is people just ignore the messages and forget about it,” the analyst said. “But even if you ignored it, that interaction can still help us. We’re not looking to punish someone for being contacted, we want to understand the tactics being used so we can protect the rest of the force.”

“If you believe you’ve been targeted, or know someone who has, report it,” Russ said. “Whether you’re still in uniform or long since retired, stay sharp. In today’s fight, vigilance online can be just as vital as readiness on the battlefield.”

As the analyst explained, as adversaries exploit the freedoms of digital platforms to target individuals, the lines between counterintelligence and force protection are increasingly blur.

“We’re not going to investigate our way out of this,” the analyst said. “The scope is too broad, and it crosses too deeply into personal privacy. The most powerful weapon we have is self-reporting. When people flag suspicious outreach early, it gives us a fighting chance.”

By Thomas Brading, AFOSI Public Affairs

Releasing agency note:

That is why early reporting, no matter how minor, can play a critical role in preventing adversary access. For example, programs like Eagle Eyes have supported this effort by encouraging both military personnel and civilians to report any suspicious behavior.

For more information on Eagle Eyes or to find your local AFOSI detachment, submit a tip directly with AFOSI at www.osi.af.mil/Contact-Us or the FBI at tips.fbi.gov.

Additional resources are available from the National Counterintelligence and Security Center at www.ncsc.gov, the Defense Counterintelligence and Security Agency at www.dcsa.mil, and the FBI at www.fbi.gov.

Did AFSOC Field A New Helmet? Well, Sort Of….

Saturday, April 12th, 2025

A buddy recently sent me this photo and asked me about this new helmet being worn by AFSOC, inquiring what it was.

I hadn’t seen it before and was intrigued. I put out some feelers and then I tracked the photo down to the Air Force Special Operations Command website, showcasing the Special Operations Forces Medical Skills Development program last October at Hurlburt Field, Florida. There was a whole photo story with these helmets peppered throughout.

It didn’t look like any helmet I had ever seen. Here I am thinking it might be some Air Force Research Lab project, but the truth, it would turn out, reminds me of that old Eddie Murphy comedy sketch, “We’ve got McDonald’s at home.*”

After further investigation, I found that this airsoft helmet (yes, I said airsoft) costs around $150 and goes by several names online, but seems to be manufactured by Avengers Airsoft. Avengers calls it the “Ark” Helmet w/ Integrated Cooling System & Headset. Granted, once you look at more of the photos you realize that they are training with paintball guns and that’s likely why they were purchased. They sort of look like issue helmets and are meant for airsoft. Even the website claims that the helmet is “Designed for Foam Blaster, Nerf, Gel Blaster, Battle Blaster, and low power Airsoft Gaming. ANSI rated full face mask recommended for close quarter / high power Airsoft Gaming.”

However, not only is this helmet not safety certified or approved for use as a ballistic, or even bump helmet, it’s also not Berry compliant. Sure, you can hide behind the micro-purchase exemption for Berry but I’d only use that defense if it were some uber cool European ballistic helmet like the NFM Hjelm, not some ABS bucket. What’s more, they aren’t using the face mask, despite using paintball guns, which kind of defeats the purpose of buying these helmets.

I’m not going to cast aspersions on the person who actually bought these things. I am sure they were well intended and bought what they were told to buy. They look sort of like an approved high cut helmet, but not much. Manufacturers Galvion, Gentex, and Team Wendy all make both ballistic and bump helmet models which are approved for wear and have been procured by the Air Force, and they can be used for sim training and have the appropriate mandibles.

Hopefully, AFSOC will procure some proper helmets for these Airmen soon which are actually certified for sim training. These toys should be crushed and put in the dumpster.

As for the rest of you, this is a cautionary tale. If you’re tasking a GPC holder to buy something for you, be very specific about what you want, even down to manufacturer and model preferences. Include specifications in order to further avoid confusion. If you don’t know, I suggest you have your GPC holder, or supply, get ahold of one of the Special Operations TLS vendors like Darley or Noble. There are several contract holders and they have in-house experts who can go over options. You can also do some research each here on SSD.

AFSOC Photos by Airman 1st Class Raul Mercado.

*Language warning, it’s Eddie after all…

Caveat Emptor – Frosty Tactical

Monday, September 2nd, 2024

Buyer Beware – We received a note from advertiser, US Elite Gear, warning us about a website called Frosty Tactical.

We checked the site and they are offering proprietary products from US Elite and offering Arc’teryx LEAF products while they are not a dealer. Something isn’t right, steer clear…

US Elite Gear Statement:

A quick PSA to all our customers and tactical friends: if there’s any website that you’re purchasing from and the only method of payment is PayPal, it’s likely too good to be true. Our pals over at “Frosty Tactical” are out here scamming. We are NOT associated with this fraudulent website, Facebook page or Instagram @frosty.tactical

We’ve recently discovered that a website called Frosty Tactical is copying our content and misleading customers into thinking they are affiliated with U.S. Elite. We want to make it absolutely clear that we have no connection with Frosty Tactical.

**If you’ve placed an order through Frosty Tactical, please be aware that U.S. Elite is not responsible for any transactions or customer service issues associated with that site.**

Your trust is our top priority, and we’re committed to ensuring you have the best possible experience with U.S. Elite. To avoid any issues, please ensure you’re only purchasing from our official website: us-elitegear.com

**- The U.S. Elite Team**

Buyer Beware – COUNTERFEIT Blue Force Gear Slings Showing Up Online

Tuesday, March 9th, 2021

BFG has received multiple reports of counterfeit Vickers Combat Applications Slings being sold online.

Savannah, GA – CAVEAT EMPTOR! They say “imitation is the sincerest form of flattery”, stealing our designs with counterfeit copies isn’t flattery. It’s a crime. In the past several weeks, Blue Force Gear® customer service has received a number of calls from individuals regarding issues with weapons slings that they purchased online. These slings were purchased primarily through Amazon. A review of the slings has revealed that every single one of them are cheap counterfeit copies of the patented BFG Vickers Combat Applications SlingTM (VCAS). These slings were labeled and marketed as being authentic BFG products to include copies of our labels and packaging.

More important to BFG than the legal issues with patent and trademark infringement, or the lost revenue to our American based company, are the disturbing reports of the products failing customers.  BFG, and each of its employees, is proud that our products are utilized daily by military, first responders and prepared citizens worldwide.  The idea that a mission could fail or that someone could be injured because of an inferior counterfeit product causes us great concern.

While the counterfeit slings LOOK like our product, a careful examination reveals vastly inferior quality of webbing, hardware, construction methods and other issues. We are choosing to not be more specific regarding the glaring issues with these slings as we don’t want to assist these thieves in their continuing criminal enterprise to steal our intellectual property and mislead our loyal and deserving customers.

BFG wants you to be aware that there are counterfeit products being marketed and that the best way to avoid them is to always buy from an authorized BFG reseller or direct from Blue Force Gear through our website or company store.  If you have questions regarding the identity of authorized resellers or concerns regarding a product, please contact our customer service representatives for guidance or go to www.blueforcegear.com/verified-bfg to report a suspected fake product.

www.blueforcegear.com , sales@blueforcegear.com , 877-430-2583

At Blue Force Gear, we strive to be “Always Better”TM.

The people stealing from you? Not so much.

Caveat Emptor – Counterfeit Dead Air Silencers Flash Hiders

Wednesday, April 22nd, 2020

Dead Air Silencers has issued the following warning:

ATTENTION: There is a resurrection of counterfeit Dead Air muzzle devices on the market claiming to work with the Sandman family and KeyMo compatible silencers. These muzzle devices are NOT licensed or tested by Dead Air Armament and may cause injury or death if used with Dead Air products. Plus, if you use them you’ll lose the awesome warranty we have. The connection between the muzzle device and KeyMo is a hypercritical component, for both efficiency and safety. Because of this, there’s a lot that goes into vetting a third party manufacturer. As of right now, the ONLY licensed third party manufacturers of Dead Air muzzle devices are:

• Sons of Liberty

• JMAC

• Lantac

• Forward Controls Design

Run away from all others.

Caveat Emptor – CDC Warns of Counterfeit PPE

Wednesday, April 8th, 2020

Counterfeit items are always out there, but during a pandemic, with demand so high for Personal Protective Equipment by government and individuals alike, they are particularly reprehensible.

The Center for Disease Control has created an online resource to help you identify counterfeits and genuine items. Remember, NIOSH approves medical PPE.

Here’s just one example of a counterfeit product currently on the market.

Make sure you are buying genuine products that will actually provide the protection you demand.?. Visit www.cdc.gov/niosh/npptl/usernotices/counterfeitResp for full details, more examples of counterfeit items, and link to a list of approved manufacturers.

Malicious Actor Targeting Private Vendors Through GSA STARS II by E-Mail Spoofing  

Sunday, June 24th, 2018

This is an advisory sent out by the Defense Logistics Agency. We share it verbatim.

A fake solicitation purporting to be from Defense Logistics Agency (DLA) for a “REQUEST FOR QUOTATION” has been targeting GSA STARS II vendors in the public sector.

The e-mails are not from DLA.MIL – The e-mail may appear to be from DLA on first glance; however, the “Reply-To” address of the fake e-mails ends with a “@dla-mil.us” extension. In some cases, “stars2@americanconsultants.com” has been identified to supposedly send messages on behalf of a DLA Contract Specialist – these are also fake.

Some e-mails suggest the companies use the “stars2” Google Group “https://groups.google.com/a/americanconsultants.com” for more information or to unsubscribe from the e-mail communication. The “stars2” group is NOT a DLA affiliated group.

To view full details of the notice along with visual examples, please go to: www.dla.mil/Portals/104/Documents/InformationOperations

In closing, please remain vigilant and be cautious when opening attachments. The specific e-mail attachment was not identified to contain malware, but the financial risks are high if the scammer is able to get a company to send them a virtual grocery list of technical items. Be sure to contact your typical DoD point of contact when engaging business to ensure the best possible communication and safety. Questions or comments can be directed to the DLA CERT’s Fusion Cell: CERTFusionCell@DLA.MIL.






Caveat Emptor – Counterfeit Tactical Augmented Pressure Switch Identified

Monday, October 30th, 2017

TNVC notified us that a counterfeit version of their joint venture with Unity Tactical, the Tactical Augmented Pressure Switch has been identified, along with this note.

IMG_5134

PSA: We have been made aware of an unlicensed copy of TAPS, made by a Hong Kong Airsoft company. The maker of these copies has since ceased, but we do not know how many were sold. These copies look almost identical except the logos are different and the contact leads are not standard. The laser lead on the fake will not fit standard US lasers. Just want to let you guys know about these so you don’t accidentally buy one on ebay and find out the hard way that it doesn’t work. here’s some pics of the fakes:

Always ensure you purchase your equipment from authorized dealers.