App may compromise MyPay account info
The purpose of this cyber crime alert notice is to inform Department of the Army personnel of third party mobile applications that reference the Department Finance and Accounting Services myPay system for federal employees and members of the uniformed services, but are not sponsored by the Department of Defense or U.S. Government. DFAS processes pay for all DoD military and civilian personnel, retirees and annuitants, and also supports other government agencies. Using nonsanctioned applications to access your myPay account can potentially lead to the compromise of your myPay account information and theft of funds. CID elements are encouraged to brief supported installations and units on the contents of this notice.
An application called “MyPay DFAS LES” was initially released July 13 as a free application on Google Play Android app store. The App provides the user with the ability to control their military pay after the user enters their myPay login information to access their individual account. Additionally, it provides the ability for the user to update their security questions to reset their password. Google Play estimates that between 10,000-50,000 members have already installed this app. A broader review of mobile app sites disclosed several other myPay related apps for Android and iPhone devices.
Before downloading, installing, or using an application, take a moment to review the “about the developer” section. This will help you get an idea about other apps that specific developer has previously published. If available, visit the developer’s website and assess its content for things like history, professional appearance, etc.
Apps that purport to allow access to military or government sites should only be installed if they are official apps sponsored by the military or other government agency.
Peruse the user ratings and reviews to try to get a sense from previous customers as to the veracity of the application’s claim. Arguably no app is completely perfect from the perspective of all users, but complaints about security concerns should quickly stand out from other relatively benign issues.
If you’re still not sure and end up downloading an app, inspect your device’s application permissions screen to determine what other applications or information will be accessed by the app. A video game, for example, is unlikely to have a legitimate need to access your contacts. For more information about computer security and other computer related scams, visit www.cid.army.mil/ cciu_ 2can.html to review previous cyber crime alert notices and cyber crime prevention flyers.