JBSA News
NEWS | June 8, 2023

CYBER HYGIENE | Defense Finance and Accounting Service warns payroll customers to protect themselves online

Defense Finance and Accounting Service

In today’s world, protecting yourself online is almost as important as protecting yourself at home. Attempts to steal your identity, financial information and account numbers require everyone who uses email, shops online or transacts business with banks, credit card companies or other financial agencies to be aware and protect themselves.

With millions of military, retired military and federal civilian employee customers, it’s not unusual that Defense Finance and Accounting Service hears about attempts to lure individuals into revealing their personal information, including their myPay login credentials.

These attempts range from enticing email messages disguised as official notices from DFAS or some other federal agency to warnings about some situation that can only be resolved with you “confirming” your profile information.

A continuing and growing threat emerges when myPay account owners enter their Login ID and password on computers that are compromised with malware or connected through public Wi-Fi networks.

Sometimes users log onto their email accounts and the email address has been compromised, allowing thieves to access myPay by using the email password. Of course, when that doesn’t work many of these online criminals can run programs that try a wide variety of commonly-used passwords to see if those will get them into the owner’s vital financial and personal information.

We also strongly advise our customers against linking from third-party sites to myPay, as it requires sharing your myPay credentials.

You have to be smarter because they’re getting smarter

Scammers have been using tried-and-true methods to get your money for years. Ever hear of a Fiancée scam? Targets are informed that a fee is necessary for DFAS to process paperwork providing a member’s fiancée with beneficiary status should anything happen while serving in the military. Yep, not everyone receiving the emails fits the profile (some are married) but the scammers figure that if they get one person to bite out of thousands, it is worth it.

Now, with a pandemic affecting millions of lives around the world, the ingenious “marketeers” have developed multiple ways to separate you from your money and security. Offers of cut-rate merchandise and services, prize deliveries from well-known contests (and some you may never have heard of), and official-sounding charitable or government organizations are some of the methods used to “hook” people into providing information, sending money or opening their accounts for these thieves.

There are plenty of resources available to learn about online security and many apply to some of the accounts you use on a regular or periodic basis (such as myPay). Here are some you might find useful:

You’ve heard it before … but it needs repeating

Online security has evolved from simple login IDs and passwords to fingerprints and eye scans. While technology advances, the need to counter scammers also grows.

To help protect individuals’ privacy online, passwords became increasingly complex and often required resetting every so many days for months. Some blocked words that exist in dictionaries, and many required special characters, to foil cybercriminals trying to guess our carefully chosen electronic key.

But the thieves don’t play by the same rules. Their technology includes programming that steals online IDs and passwords from sites they target. Oftentimes, these are used in attempted break-ins on other sites, such as banks, online marketplaces, and government agencies.

Unfortunately, these attempts do achieve some success because many people use the same password over and over again for a variety of accounts where they do business or store information.

The Cybersecurity and Infrastructure Security Agency (part of the Department of Homeland Security) has published recommendations for creating and protecting strong passwords for organizations and individuals. You can read more at https://us-cert.cisa.gov/ncas/tips/ST04-002.

Watch out for scams

There are common financial service app scams that myPay users need to consider:

  1. Phishing scams – Scammers can pose as customer service from financial service apps via email, phone or text in an attempt to obtain your login information.
  2. Financial service app sales scams – Scammers will contact victims directly on financial service apps offering to sell deeply discounted goods. Once the money is transferred, the goods are never shipped.
  3. Unknown deposits – Scammers will send large sums of money to random accounts. This is a money-laundering scheme and the deposits should be ignored.
  4. Prize scams – Scammers may contact victims directly on financial service apps claiming they have won a prize and asking for a deposit to receive it.  

myPay is staying up-to-date

An article on Supplementing Passwords from the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, recommends using two-factor authentication for online accounts whenever that security feature is available.

Recently, myPay has joined other online services by bringing two-factor authentication security to account holders.

Two-factor authentication requires users to add a mobile phone number or email address to their profile. When logging in, a one-time code is sent to that designated location (i.e. text message or email). When the code is entered into the app’s log-in routine within a specified period of time, the user’s identity is confirmed and access is granted.

myPay’s Two-Factor Authentication began in late 2020 and became mandatory in late April 2021.

Remember, your online privacy and security is a partnership between the websites where your online presence lives and you, the customer. The same is true with myPay. DFAS builds, maintains and monitors state-of-the-art protections into myPay, but it only works if each customer takes the time to use the tools available … and keeps that information away from those that want to steal it.

Some important things to remember about DFAS

  • DFAS will never send emails or call you and ask for your personal information. We only call or email you in response to requests we receive from you.
  • Defense Finance and Accounting Service payroll customers are reminded that DFAS does not make unsolicited calls regarding debts or pay record errors, nor do we ever ask for payments via phone calls using online peer-to-peer money transfer systems.
  • If you have received a phone call from DFAS and want to confirm the call is legitimate, contact our Customer Care Center at 888-332-7411.
  • Be safe and make sure you’re only using the proper DFAS myPay site (https://mypay.dfas.mil/) to conduct your financial transactions.

To learn more about protecting yourself from scams and identity theft, visit these websites:

Victim of Identity Theft -- https://www.identitytheft.gov/#/