Digital Signatures May Be Prone To Scams – How To Protect Yourself?

Signing documents electronically save time and makes it easier for people to close contracts, sign other legal documents, and fill out tax forms without making trips to the bank, post office, or other courier services. But Digital signatures can also come with risks.

digital signature scams

Scammers have come up with a good practice to break the Digital signing system and create fake digital signatures on desktop PDF viewer apps. These include apps such as Adobe Acrobat Reader, Libre Office, and online services like DocuSign.

Digitally signed documents are admissible in court, can be used as a legally binding contract, can be used for Income tax filing purposes, can be used to approve financial transactions, and can be used for press releases and announcements made by the government.

The ability to a fake digital signature on an official PDF document can threaten to steal large amounts of money or cause chaos inside private companies and public institutions.

Three vulnerabilities have been found in the digital signing process used by several desktop and web-based PDF signing services. Summarized, they are:

  1. Universal Signature Forgery (USF) – vulnerability lets attackers game trick the signature verification process so that it will display the user a fake panel/message that the signature is valid.
  2. Incremental Saving Attack (ISA) – vulnerability lets attackers add extra content to an already signed PDF document via the “incremental saving (incremental update)” mechanism, but without breaking the saved info of the signature of that document.
  3. Signature Wrapping (SWA) – vulnerability is similar to ISA, but the malicious code also contains extra logic in order to fool the process of signature. This means the content which was added (the incremental update) has been digitally signed.

 

The researchers found that there were two root causes of why this sort of spoofing could be carried out.

First, they said, “The specification provides incomplete information and without any concrete procedures on how to validate signatures. Description of pitfalls and any security considerations are missing. Thus, developers must implement the validation on their own without best-common-practice information.”

Secondly, they found “The error tolerance of the PDF viewer is abused to create non-valid documents bypassing the validation, yet correctly displayed to the user.”

 

How to Protect Yourself?

  • Avoid sharing sensitive information or financial information over email.
  • Use two-factor authentication or multi-factor authentication to enhance security.
  • Have up to date secured apps installed on your device.
  • Use encrypted email.
  • Have a more secured transaction process.

 

With technology enhancement, the chances of online fraud are increasing every day. Taking the advantage of advanced Digital Signing Solution technologies, you can rest easy knowing your documents are safe.

It becomes important to choose a digital signing solution wisely to have a hassle-free experience in the digital transformation journey for your documents at work and JNR Management is a pioneer in Digital Signing Solutions with Automation. Our Solutions are easy to use and integrate with almost every existing or new applications.

 

JNR Management is one of the best digital signature solution providers in Delhi which helps you provide the right solution for your digital signature needs. JNR Management Resources Pvt. Ltd. has been a foremost player in the PKI industry for decades, catering to cutting-edge IT security solutions to safeguard government, enterprises, and other financial organizations. Moreover, our platinum partnership with DigiCert (formerly Symantec) and other renowned OEMs has further inspired us to do more in the industry, which has given new heights to our transcendence. We enjoy the honor of being acknowledged as a “Platinum Elite” certified partner of DigiCert in India & South East Asia.

 

 

About the Author