Vadim Deryuzhinsky, head of the legal department of the electronic document management service Sign.Me, told Russians how to protect their electronic signature (ES) from fraudsters. According to the expert, which he voiced to Izvestia, the most common cases of fraud with ES occur due to users violating basic rules of digital hygiene.
The rarest type of fraud with a signature now, according to Sign.Me statistics, is a high-tech forgery of the victim's paper passport, which can only be identified during a forensic examination. With such a fake passport, a fraudster can go to the MFC, make sales transactions and other actions. Other problems related to the leakage of a digital signature are more common:
- transferring your token with an electronic signature to a third party. For example, when the CEO transfers his token to the chief accountant for submitting reports to government agencies, and the accountant uses the ES for personal purposes;
- transferring access to a mobile application with ES. Fraudulent actions using a mobile phone can be committed even by close relatives of the electronic signature holder;
- loss of login and password from the accounting system when using a simple electronic signature (SES), which is easier to steal. SES data can be stolen by brute force, which involves selecting characters and symbols until matches are found. In the case of enhanced types of electronic signature, such selection is impossible, ES data cannot be hacked or forged.
The lawyer gave several simple tips for observing digital hygiene, which will help protect your electronic signature. It is necessary:
- issue a machine-readable power of attorney, which will help avoid transferring your token to third parties to fulfill obligations related to your place of work. It will give employees the authority to interact with government agencies or counterparties, and allow them to legitimately sign documents as a representative of the company;
- store your passport and other documents in a safe place, do not publicly display them and do not transfer them to anyone as collateral;
- create complex passwords to prevent hacking of accounts. You should use different combinations of characters, numbers and symbols in different systems that differ from each other;
- remember that you should never tell anyone the code from an SMS from "Gosuslugi", as it stores a large array of personal data.
If you use a mobile solution, then transferring the phone even to close relatives will compromise the keys and certificate of the electronic signature. Do not give anyone access to your smartphone in which you sign documents, and use complex PIN codes and passwords to protect it, and make them different for all accounts or applications.
The lawyer also recommends indicating on "Gosuslugi" that your real estate transactions can only be carried out in your personal presence.
Read materials on the topic:
Viruses, advertising, data theft: Yandex smart TVs have become a target for hackers
