Soaring popularity of digital e-signing highlights scam risks: Internet Scambusters #1,076
E-signatures, which allow you to digitally sign documents online instead of inking them on paper, are a great innovation - and highly secure….
Unless you fall into the sights of scammers who are exploiting this popular, time-saving method of verifying and authorizing legal and other agreements.
In this week's issue, we'll explain the most common e-signing scams and the red flags that signal trouble that you should watch out for.
Let's get started…
Don't Get Scammed By Digital E-Signature Crooks
If you've ever had to sign a document electronically by pasting your signature or a code into a digital file, you'll know how much time, cost, and hassle the process saves you.
But the growing popularity of e-signatures, as they're called, has also made them a target for scammers, despite stringent security by companies providing the service.
E-signing is widely used in business but it's also increasingly common for consumers - for example, when signing mortgage agreements, tax forms, and many other types of legal documents. But if you get caught out by the scammers, it could cost you a fortune.
The surge in digitally signing a document is a hangover from the Covid pandemic when face-to-face contact was discouraged or downright forbidden.
Since companies and individuals discovered how convenient e-signing is, it's taken off, generating a market worth more than $4 billion a year. As we get used to it, that number is forecast to rocket in the next few years.
As it is, an estimated 95 percent of organizations say they use or plan to use e-signatures in the future.
How E-Signatures Work
Although, on the face of it, e-signing sounds risky it's possibly more secure than old-style ink signatures - mainly because of the number of security and verification measures service providers have built in and a big reduction in mistakes.
In very simple terms, an individual or company receives a notification that there's a document awaiting their signature. They log onto the website where the document is stored, check it, paste in or even finger-sign their moniker and they're done. The result is a legally enforceable document.
Backstage, there's a lot more to it in security terms but it's really that straightforward. No wonder users prefer it to a time-consuming office meet-up. And businesses save a lot, both in costs and time.
The biggest name in the business is DocuSign. If you haven't already used them, you almost certainly will in the not-too-distant future.
Common E-Signature Scams
Crooks abuse the e-signing process mostly for phishing - trying to steal people's sign-on credentials and other confidential information. Their tactics include:
- Fake notifications that seem to come from a provider like DocuSign, asking users to sign into their account via a bogus imitation login page. Sometimes, they include an attachment that appears to be the specified document but is primed to install malware. Other times, they warn the user that their account has been suspended unless they click a bogus link and enter their login.
- Imposters using forged documents that victims are asked to sign and to add confidential information. The crooks call or use messaging services pretending to be from the e-signature provider or someone else involved in a transaction.
- Doctored docs, when fraudsters intercept legitimate documents after they've been signed and alter them, perhaps adding or removing sections or changing terms and conditions.
- Account takeover. Often the outcome of a phishing attack, crooks gain access to legitimate e-doc accounts, enabling them to forge signatures or redirect payments.
How to Spot and Avoid an E-Signature Scam
There are a number of red flags that signal a potential e-signature scam. Here are some to look out for:
- An unexpected notification that you have a document to sign when you haven't asked for one.
- You don't know the sender. If you don't recognize the name of whoever sent you a notification, it's likely a scam.
- The link to review the document takes you somewhere unexpected, often with a name that's very similar to a genuine e-sign provider. In the case of DocuSign, messages should come only from docusign.com or docusign.net, not any variation of these names.
- The message contains an attachment. DocuSign, which controls more than 80 percent of the electronic signature market, says it never uses attachments. Users have to visit its website to review documents.
- You get a pop-up box after opening an email. Again, the company says it never uses pop-up boxes because they're not secure.
- The message uses an impersonal greeting like "Dear DocuSign Customer" instead of the recipient's name.
- Poor grammar and spelling. Although less common these days (thanks to artificial intelligence) some scammers still give themselves away with awkward sentence construction and spelling mistakes.
- Asking you to act urgently by claiming your account has been compromised or setting an imminent deadline for a response.
- The web page address (URL) you're directed to uses an insecure "http" instead of "https."
Get More Help
DocuSign has further guidance, including information about what to do if you think you've fallen victim to an e-signature scam. See How DocuSign Users Can Spot, Avoid and Report Fraud.
This Week's Alerts
Cheating cheats: How much do you trust your partner/spouse - enough to shrug off a letter claiming they're having an affair? Scammers in Texas have been sending out personally-addressed letters telling recipients they have hard evidence their partner is involved in an illicit relationship. And they say they'll send you the proof, including photos, if you send them money. Of course, they want you to pay with untraceable cryptocurrency. Trash it.
No Chat: The name of ChatGPT, the ground-breaking artificial intelligence (AI) software that can write reasonable text on virtually any topic, is being used by scammers on social media. The crooks run ads offering easy access to the program, but following up on the ads results in downloading malware onto your PC. The company behind ChatGPT says it doesn't advertise on social media. In fact, as of this writing, you can sign up and access it for free.
That's it for today -- we hope you enjoy your week!