ARLINGTON, Va. 3/15/2005 (AFPN) — Federal Trade Commission officials say “phishers” are a new breed of scam artists who send e-mails or pop-up messages claiming to be from a business or organization individuals would routinely deal with — an Internet service provider, bank, online payment service or even a government agency.

Phishing attacks trick people into passing personal information by luring them to false corporate Web sites or by requesting personal information be sent in a return e-mail.

These phony messages usually tell people that they need to 'update' or 'validate' account information, and may threaten dire consequence if they don’t respond. They then direct recipients to a Web site that mimics a legitimate organization's site. The purpose of the bogus site is to trick them into divulging personal information so the scam operators can steal identities and make purchases or commit crimes in the victim’s name.

With “phishing” scams occurring more frequently, federal Defense Finance Accounting Service officials said they want to assure customers that every precaution is taken to secure data - and that customers should be aware that the agency and its Web-based system, myPay, will not ask for personal or financial information by e-mail. Individual DFAS customers can enter the myPay Web site with a personal identification number to access the secure financial page to make changes to personal information.

The agency offers the following tips to help avoid getting hooked by a phishing scam:

  • Use anti-virus software and keep it up to date. Some phishing e-mails contain software that can harm computers or track activities on the Internet without the user’s knowledge.
  • Do not email personal or financial information. E-mail is not a secure method of transmitting personal information. If people initiate a transaction and want to provide their personal or financial information through a Web site, look for indicators that the site is secure, such as an image of a lock or lock icon on the browser's status bar or a Web site address that begins with https. Unfortunately, no indicator is foolproof; some phishers have forged security icons as well.

The myPay site combines strong encryption software and secure technology with the user's Social Security number, PIN and secure Web address or DOD-specific telephone numbers -safeguards against unauthorized access,. This combination prevents information from being retrieved by outside sources while information is being transmitted. The secure technology provided to myPay customers meets or exceeds security standards in private industry.