The Department of the Army Computer Crime Investigation Unit has issued a Cyber Crime Alert Notice about the use of any third-party mobile applications to access the Department Finance and Accounting Services myPay system.
The third-party mobile apps are not sponsored by the Department of Defense or the U.S. government. The “MyPay DFAS LES” is a free app on the Google Play app store that gives users the ability to control their pay after entering their myPay login information. From this app, a user can update security questions, reset passwords and review account information. Between 10,000 and 15,000 members have already downloaded this program and other related apps to their mobile device.
Use of these types of non-sanctioned apps can compromise myPay accounts and lead to loss of personal account information and theft of funds. Here are some general tips to remember when downloading apps to a mobile device:
- Before downloading, installing or using an app, take a moment to review the “About the Developer” section. This will help you get an idea about other apps that a specific developer has previously published. If available, visit the developer’s website and assess its content for things like history and professional appearance.
- Apps that purport to allow access to military or government sites should only be installed if they are official apps sponsored by the military or other government agency.
- Peruse the user ratings and reviews to try to get a sense from previous customers as to the truth of the application’s claim. Arguably, no app is completely perfect from the perspective of all users, but complaints about security concerns should quickly stand out from other relatively harmless issues.
- If you are still not sure and end up downloading an app, inspect your device’s application permissions screen to determine what other applications or information will be accessed by the app. A video game, for example, is unlikely to have a legitimate need to access your contacts.
For more information about computer security and other computer-related scams, visit http://www.cid.army.mil/cciu_2can.html.