DFAS and myPay officials assure personal-data security

  • Published
ARLINGTON, Va. (AFPN) --  With “phishing” scams occurring more frequently, Defense Finance and Accounting Service officials said they want to assure customers that every precaution is taken to secure data.

Customers should be aware that the agency and its Web-based system, myPay, will not ask for personal or financial information by e-mail, DFAS officials said.

Individual DFAS customers can enter the myPay Web site with a personal identification number to access the secure financial page to make changes to personal information, officials said.

Phishing attacks trick people into passing personal information by luring them to false corporate Web sites or by requesting personal information be sent in a return e-mail.

“Phishers” send e-mails or pop-up messages claiming to be from a business or organization individuals would routinely deal with -- an Internet service provider, bank, online payment service or even a government agency, said Federal Trade Commission officials. The message usually tells people that they need to 'update' or 'validate' account information and might threaten dire consequence if they don’t respond.

People are directed to a Web site that mimics a legitimate organization's site. The purpose of the bogus site is to trick them into divulging personal information so the scam operators can steal identities and make purchases or commit crimes in the victim’s name, officials said.

DFAS officials offer the following tips to help avoid getting hooked by a phishing scam:

-- Use anti-virus software and keep it up to date. Some phishing e-mails contain software that can harm computers or track activities on the Internet without the user’s knowledge.

-- Do not email personal or financial information. E-mail is not a secure method of transmitting personal information. If people initiate a transaction and want to provide their personal or financial information through a Web site, look for indicators that the site is secure, such as an image of a lock or lock icon on the browser's status bar or a Web site address that begins with an “https.” Unfortunately, no indicator is foolproof; some phishers have forged security icons as well.

The myPay site combines strong encryption software and secure technology with the user's Social Security number, PIN and secure Web address or DOD-specific telephone number. These all act as safeguards against unauthorized access, officials said. This combination prevents information from being retrieved by outside sources while information is being transmitted. The secure technology provided to myPay customers meets or exceeds security standards in private industry.