Protect Yourself Online

In today’s world, protecting yourself online is almost as important as protecting yourself at home. Attempts to steal your identity, financial information and account numbers require everyone who uses email, shops online or transacts business with banks, credit card companies or other financial agencies needs to be aware and protect themselves.

With millions of military, retired military and federal civilian employee customers, it’s not unusual that DFAS hears about attempts to lure individuals into revealing their personal information, including their myPay login credentials. These attempts range from enticing email messages disguised as official notices from DFAS or some other federal agency to warnings about some situation that can only be resolved with you “confirming” your profile information.

A continuing and growing threat emerges when myPay account owners enters their Login ID and password on computers that are compromised with malware or connected through public Wi-Fi networks. Sometimes users log onto their email accounts that that email address is stolen, allowing thieves to attempt to access myPay by using the email password. Of course, when that doesn’t work many of these online criminals can run programs that try a wide variety of commonly-used passwords to see if those will get them into the owner’s vital financial and personal information.

You have to be smarter because they’re getting smarter

Scammers have been using tried-and-true methods to get your money for years. Ever hear of a Fiancée scam? Targets are informed that a fee is necessary for DFAS to process paperwork providing a member’s fiancée with beneficiary status should anything happen while serving in the military. Yep, not everyone receiving the emails fits the profile (some are married) but the scammers figure that if they get one person to bite out of thousands, it is worth it.

Now, with a pandemic affecting millions of lives around the world, the ingenious “marketeers” have developed multiple ways to separate you from your money and security. Offers of cut-rate merchandise and services, prize deliveries from well-known contests (and some you may never had heard of), official-sounding charitable or government organizations are some of the methods used to “hook” people into providing information, sending money or opening their accounts for these thieves.

There are plenty of resources available to learn about online security and many apply to some of the accounts you use on a regular or periodic basis (such as myPay). Here’s some you might find useful: You’ve heard it before….but it needs repeating

Online security has evolved from simple login IDs and passwords to fingerprints and eye scans. While technology advances, the need to counter scammers also grows. To help protect individuals’ privacy online, password became increasingly more complex and often required reset every no-many days for months. Some blocked words existing in dictionaries and many included special characters to foul cybercriminals from guessing our carefully chosen electronic key.

But the thieves don’t play by the same rules. Their technology includes programming that steals online IDs and passwords from sites they target. Often times, these are used in attempted break-ins on other sites, such as banks, online market places, government agencies. Unfortunately, these attempts do achieve some successes because many use the same password over and over again for a variety of the accounts were they do business or store information.
The Cybersecurity and Infrastructure Security Agency (part of the Department of Homeland Security) has published recommendations for creating and protecting strong passwords for organizations and individuals. You can read more here.

myPay is staying up-to-date

The Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security article on Supplementing Passwords recommends using two factor authentication for online accounts whenever that security feature is available.

Recently, myPay has joined other online services by bringing two-factor authentication security for account holders. Two-factor authentication required users to add a mobile phone number or email address to their profile. When logging in, a one-time code is sent to that designated located (i.e. text message or email). When entered into the app’s log-in routine within a specified period of time (like 15-30 seconds), the users’ identify is confirmed and access granted.

myPay’s Two-Factor Authentication began in late 2020 as a voluntary addition but will become mandatory in late April of 2021. Read more about it here.

Remember, your online privacy and security is a partnership between the websites where your online presence lives and you, the customer. The same is true with myPay. DFAS builds, maintains and monitors state-of-the-art protections into myPay, but it only works if each customer takes the time to use the tools available….AND KEEPS THAT INFORMATION AWAY FROM THOSE THAT WANT TO STEAL IT!

Some important things to remember about DFAS

First, DFAS will never send email or call you and ask for your personal information. We only call or email you in response to requests we receive from you.
Page updated March 5, 2021