CID advises caution when using non-sanctioned myPay apps

The U.S. Army Criminal Investigation Command, commonly referred to as CID, is warning the greater Army community about the potential dangers of using non-Defense Department sanctioned applications to access Defense Finance Accounting Services accounts.

On July 13, 2013, the free mobile application “MyPay DFAS LES” was released on the Google Play Android App store. Google estimates that between 10,000 to 50,000 individuals have already downloaded and installed this App on their personal mobile device. The App purportedly allows users the ability to control their individual military pay account after they enter their myPay login information.

In addition to this App, there are several other third party non-DOD sanctioned mobile applications available for Android and iPhone devices designed around DFAS payment processes for DOD military and civilian personnel, retirees and annuitants, as well as other government agencies.

CID is cautioning that using non-DOD sanctioned applications to access myPay accounts can potentially lead to one’s personal account information being compromised and possibly the theft of funds.

Tips to help protect yourself

Before downloading, installing or using an app, take a moment to review the “About the Developer” section. This will help you get an idea about other apps that a specific developer has previously published. If available, visit the developer’s website and assess its content for things like history and professional appearance.

Apps that purport to allow access to military or government sites should only be installed if they are official apps sponsored by the military or other government agency.

Peruse the user ratings and reviews to try to get a sense from previous customers as to the truth of the application’s claim. Arguably, no app is completely perfect from the perspective of all users, but complaints about security concerns should quickly stand out from other relatively harmless issues.

If you are still not sure and end up downloading an app, inspect your device’s application permissions screen to determine what other applications or information will be accessed by the app. A video game, for example, is unlikely to have a legitimate need to access your contacts.

 

For more information regarding cyber crime and staying safe online, visit the CID Lookout or the Computer Crimes Investigative Unit webpage page at www.cid.army.mil.