How Consumers Can Protect Themselves From eSignature Fraud
Asked why he robbed banks, Willie Sutton famously replied, “because that’s where the money is.”
Criminals still want your money, but instead of piles of cash in a safe, your money is now just ones and zeros in a computer. That means with a few hacker keystrokes all your money can be gone in 60 seconds.
How can consumers protect themselves? For one, if you are using eSignatures to sign any kind of agreement, make sure that all parties use SignaSure, a secure, cloud-based electronic signature process that verifies the identity of all the participants.
If you don’t use BlueInk you could make yourself vulnerable to these types of eSignature attacks.
“eSignatures” that aren’t real electronic signatures:
“Verbal” eSignatures: There are many stories where companies will “sign you up” for services you didn’t ask for. For example, one Royston company warns others after eSignature used to sign new BT contract without consent. There was no signing process for the new five year contract. BT claims the contract was executed by the agent over the phone. When the company asked BT for proof of the esignature, BT didn’t have it. Consumers should insist on a secure eSignature contract standard for service agreements.
Digital Signature Cards: A company in Italy was surprised to discover that a schemer had filed the paperwork to make himself sole owner of the company using a forged card that had a “digital signature.” This was a sophisticated scam that involved creating shares of a company and more, all made possible with a “digital signature” card that could be created by a teenager using tools in their garage. Private companies large and small should insist on verified identities on their electronic signatures when it comes to major transactions such as issuing stock.
Man-in-the-middle attacks: Escrow fraud is on the rise. In the most popular scenario, hackers work as a “man-in-the-middle” silently hacking into a buyer’s or seller’s email account to monitor a real estate closing email stream. Then at the moment the buyer expects to get instructions to wire the money to the seller, the hackers pounce, sending bogus instructions to the buyer to send money to the hacker’s account. Once the money hits the hacker’s account, it vanishes.
- Avoid sending sensitive financial information via email.
- Use encrypted email.
- Use two-step verification or multi-factor authentication to secure email.
- Have up-to-date antivirus and security apps installed on your computer.
- Blockchain software and other forms of buyer, agent, seller, and escrow officer authentication could prevent this problem.
In the case of escrow fraud, the best advice comes from Silicon Valley Association of REALTORS®, stating:
“Buyers and sellers should confirm all email wiring instructions directly with the escrow officer by calling the escrow officer on the telephone. In that conversation, the correct account number information should be repeated verbally before taking any steps to have the funds transferred.”
Hackers succeed because most consumers don’t insist on a more secure transaction process.
At SignaSure we advise buyers against emailing financial information. You should only do business with organizations that have a secure site (look for a URL that begins with https, the “s” stands for secure).
Everyone on both sides of the transaction should be wary of opening any attached files in emails. This is why SignaSure’s secure, cloud-based, Certificate of Authenticity-generating approach is best.
If you want a more secure agreement process, contact BlueInk today.