Protect Yourself Online

DON'T GET SCAMMED!

DFAS payroll customers are reminded the DFAS does not make unsolicited calls regarding debts or pay record errors, nor do we ever ask for payments via phone calls using online peer-to-peer money transfer systems. If you have received a phone call from DFAS and want to confirm the call is legitimate, contact our Customer Care Center at 888-332-7411.

Be safe and make sure you’re only using the proper DFAS myPay site (https://mypay.dfas.mil/) to conduct your financial transactions!

In today’s world, protecting yourself online is almost as important as protecting yourself at home. Attempts to steal your identity, financial information and account numbers require everyone who uses email, shops online or transacts business with banks, credit card companies or other financial agencies needs to be aware and protect themselves.

With millions of military, retired military and federal civilian employee customers, it’s not unusual that DFAS hears about attempts to lure individuals into revealing their personal information, including their myPay login credentials. These attempts range from enticing email messages disguised as official notices from DFAS or some other federal agency to warnings about some situation that can only be resolved with you “confirming” your profile information.

A continuing and growing threat emerges when myPay account owners enters their Login ID and password on computers that are compromised with malware or connected through public Wi-Fi networks. Sometimes users log onto their email accounts and the email address has been compromised, allowing thieves to access myPay by using the email password.. Of course, when that doesn’t work many of these online criminals can run programs that try a wide variety of commonly-used passwords to see if those will get them into the owner’s vital financial and personal information.

We also strongly advise our customers against linking from third party sites to myPay, as it requires sharing your myPay credentials.

Infographic: 5 Tips To Keep Your myPay Safe. 1. Always use myPay.dfas.mil. Don't click on any other website for access to myPay, only use the ".mil" site. 2. Don't use third party websites. Some financial websites and apps promise early delivery of pay but require giving up your myPay information. Protect your data and yourself just don't do it. 3. Beware of unsolicited contact. DFAS does not call about payroll mistakes or debts. DFAS will not demand payments or personal information by phone or mobile payment apps. 4. Know before you click. DFAS will only communicate through official DFAS emails or letters. Don't click on links in unexpected emails or texts. 5. Concerned about your account? If you do receive a call, email, or text, check on your account by calling DFAS customer Care at 1-888-DFAS411 or 1-888-332-7411 or submit your question to ASK myPay Online Customer Service

You have to be smarter because they’re getting smarter

Scammers have been using tried-and-true methods to get your money for years. Ever hear of a Fiancée scam? Targets are informed that a fee is necessary for DFAS to process paperwork providing a member’s fiancée with beneficiary status should anything happen while serving in the military. Yep, not everyone receiving the emails fits the profile (some are married) but the scammers figure that if they get one person to bite out of thousands, it is worth it.

Now, with a pandemic affecting millions of lives around the world, the ingenious “marketeers” have developed multiple ways to separate you from your money and security. Offers of cut-rate merchandise and services, prize deliveries from well-known contests (and some you may never had heard of), official-sounding charitable or government organizations are some of the methods used to “hook” people into providing information, sending money or opening their accounts for these thieves.

There are plenty of resources available to learn about online security and many apply to some of the accounts you use on a regular or periodic basis (such as myPay). Here’s some you might find useful:

Using and Protecting Passwords (https://us-cert.cisa.gov/ncas/tips/ST04-002)
Supplementing Passwords (https://us-cert.cisa.gov/ncas/tips/ST05-012)
Avoiding Social Engineering and Phishing Attacks (https://us-cert.cisa.gov/ncas/tips/ST04-014)

You’ve heard it before….but it needs repeating

Online security has evolved from simple login IDs and passwords to fingerprints and eye scans. While technology advances, the need to counter scammers also grows. To help protect individuals’ privacy online, password became increasingly more complex and often required reset every no-many days for months. Some blocked words existing in dictionaries and many included special characters to foul cybercriminals from guessing our carefully chosen electronic key.

But the thieves don’t play by the same rules. Their technology includes programming that steals online IDs and passwords from sites they target. Often times, these are used in attempted break-ins on other sites, such as banks, online market places, government agencies. Unfortunately, these attempts do achieve some successes because many use the same password over and over again for a variety of the accounts where they do business or store information. The Cybersecurity and Infrastructure Security Agency (part of the Department of Homeland Security) has published recommendations for creating and protecting strong passwords for organizations and individuals. You can read more here.

Watch out for scams
There are common financial service app scams that myPay users need to consider:

Phishing scams – Scammers can pose as customer service from financial service apps via email, phone or text in an attempt to obtain your login information.
Financial service app sales scams – Scammers will contact victims directly on financial service apps offering to sell deeply discounted goods. Once money is transferred, the goods are never shipped.
Unknown deposits – Scammers will send large sums of money to random accounts. This is a money-laundering scheme and the deposits should be ignored.
Prize scams – Scammers may contact victims directly on financial service apps claiming they have won a prize asking for a deposit to receive it.

Learn more on protecting yourself from scams
Scams and Identity Theft | consumer.gov

Victim of Identify Theft? Check below for steps to take.
IdentityTheft.gov

myPay is staying up-to-date

The Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security article on Supplementing Passwords recommends using two factor authentication for online accounts whenever that security feature is available.

Recently, myPay has joined other online services by bringing two-factor authentication security for account holders. Two-factor authentication required users to add a mobile phone number or email address to their profile. When logging in, a one-time code is sent to that designated located (i.e. text message or email). When entered into the app’s log-in routine within a specified period of time, the users’ identify is confirmed and access granted.

myPay’s Two-Factor Authentication began in late 2020 as a voluntary addition but will become mandatory in late April of 2021.

Remember, your online privacy and security is a partnership between the websites where your online presence lives and you, the customer. The same is true with myPay. DFAS builds, maintains and monitors state-of-the-art protections into myPay, but it only works if each customer takes the time to use the tools available….AND KEEPS THAT INFORMATION AWAY FROM THOSE THAT WANT TO STEAL IT!

Some important things to remember about DFAS

First, DFAS will never send email or call you and ask for your personal information. We only call or email you in response to requests we receive from you.

Page updated April 4, 2023