Protecting your online myPay experienceThe Defense Finance and Accounting Service uses state-of-the art technology to help protect your personal information and data on myPay. But while the system is built to deter cyber criminals, most thieves focus on the part we cannot control: You, your computer and your online skills.
You can learn how protect yourself online at websites such as the Federal Trade Commission and the FBI.
Here are some quick reminders to help you keep your time on myPay secure:
- DO NOT USE A PUBLIC COMPUTER OR KIOSK SYSTEM TO ACCESS myPay. Using a public system places you at greater risk for compromise of your myPay account. Even connecting via a public wifi network exposes your information to possible theft.
- Install operating system and application software updates (such as your browser and browser plug-ins) regularly. Many of these updates are issued to fix identified security problems. Please visit the vendors’ websites for more information.
- Install, use and keep antivirus software and personal firewalls (including antivirus definitions) up-to-date. Malware comes in all shapes and sizes (email, downloads, etc.).
- Do not store user IDs and passwords on your computer or smartphone. If someone gains access to your device, the accounts will likely be compromised. And if you write them down, make sure to keep them locked away.
- After accessing your myPay account, close all of your Internet browser windows. Sometimes the browser will store session information in memory that other websites may be able to access. Also purge cookies before and after use at a kiosk or public system.
- Be very careful when installing software, browser plug-ins or extensions that give others access to your computer. Remote service software or peer-to-peer software used for file sharing can create unintended openings into your computer that outsiders can exploit.
- Do not email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal and financial information through a website, look for indicators that the site is secure such as an image of a lock or lock icon on the browser’s status bar or a web site address that begins “https:” ( the “s” stands for “secure”).
- DFAS does not send email messages asking customers to update or validate information. We do send email messages that provide important information about your pay account, but we NEVER ask for customers to send passwords, login names, Social Security numbers or other personal information through email. We recommend you to never click on links sent in an email. Always type in the URL for myPay manually (https://mypay.dfas.mil/) or use a trusted search engine to search for the myPay website and use the most trusted result.
• Phishing: The use of emails that appear to originate from a trusted source to trick a user into taking action like clicking a malicious link or opening a infected attachment. These criminals will attempt to lure you to disclose account numbers, login information, passwords, etc.
• Keylogging: Malware that tracks (or logs) the keys you type on a keyboard without you knowing that your actions are being monitored. This information is sent to the criminals’ computers (again without your knowledge). The malware program is often delivered by email or when you visit a link embedded in an email that appears to be a reputable website.
You trust DFAS to ensure myPay protects your information. Make sure your actions online don’t give the criminals the tools to get around that security. Understanding the threat and knowing what to do about it is the best defense you can have.
Updated Nov. 26, 2012