A lawyer explained how to protect your electronic signature
The most common cases of fraud involving electronic signatures (ES) occur not because of flaws in the technology, but because users themselves violate basic rules of digital hygiene, said Vadim Deryuzhinsky, head of Sign.Me's legal department. He told Izvestia on December 22 how to protect an ES.
According to Sign.Me statistics for 2023, cases challenging enhanced types of electronic signature made up 1.1% of the total; the remaining 98.9% involved challenges to handwritten signatures. This reflects the high level of security of enhanced types of ES.
"The most common disputes in court practice concern the transfer of an electronic signature token to a third party. For example, the CEO hands his token to the chief accountant to submit reports to state authorities, and the accountant then uses the ES for personal purposes," the expert specified.
He said that an electronic signature can be held not only on a token but also in a mobile application, and handing over access to it is likewise a gross security violation. There have been cases where fraudulent actions were committed via a cell phone by relatives of the signature's owner.
"The next type of fraud concerns the simple electronic signature (PEP) rather than the enhanced ones. The PEP is the most vulnerable type of electronic signature; it can take the form of a login and password or codes sent by SMS. For example, by guessing the login and password for some account system, fraudsters can perform any legally significant actions. PEP data can be obtained by brute force, which means trying characters and symbols until a match is found," Deryuzhinsky said.
According to him, such guessing is impossible for enhanced types of electronic signature, since they are created using cryptographic information protection tools. Such a signature cannot be cracked or forged.
The rarest type of fraud involves passport forgery. It arises when a fraudster obtains a person's personal data, most often someone who owns real estate, and has a high-quality forgery produced on the black market. Such a passport is practically indistinguishable from the owner's real document, except that the photo has been replaced.
"Such a forgery can be detected only by a forensic examination. With a fake passport, the fraudster can open bank accounts, apply to an MFC, obtain an electronic signature certificate for himself, and carry out transactions with the owner's real estate," the lawyer said.
He emphasized that the CEO should not hand his token to third parties. Instead, a machine-readable power of attorney (MPO) can be issued, which authorizes employees to interact with government agencies or counterparties and lets them legitimately sign documents as the company's representative.
"If you use a mobile solution, handing your phone even to close relatives will compromise your keys and electronic signature certificate. Do not give anyone access to the smartphone on which you sign documents, and to protect it, use complex PIN codes and passwords, different for each account or application," the lawyer emphasized.
In addition, one measure against passport-forgery schemes could be to give certification centers, which verify a person's identity when issuing an ES certificate, access to the state's application for passport issuance or replacement, since that document contains a photo of the person who applied for the passport. It is also important to keep your passport and other documents in a safe place, not to display them publicly, and not to hand them over as a deposit. On Gosuslugi, users can also tick a checkbox so that real estate transactions can be made only in person, the expert specified.
"To prevent your accounts from being hacked, come up with complex passwords using different combinations of letters, numbers and symbols, and make them different in different systems. It is also important never, ever to tell anyone an SMS code from Gosuslugi, as a large amount of personal data is stored there," Deryuzhinsky concluded.
Earlier, on November 17, Evgeny Pankov, project manager at the .RU/.RF domain coordination center, told Izvestia that phishing attacks conducted through messengers are steadily increasing, and are recorded especially often in Telegram and WhatsApp (owned by Meta, whose activities are banned in Russia).
Translated by the Yandex Translate service