Bogus digital signatures, Re: OT: utility account transfer frauds

[Casper Dik]

>Moreover, if the victim keeps the document that they signed, a
>sufficiently expert witness will show that both documents have the same
>hash and so it cannot be determined which document was signed.  You can
>also avoid becoming a victim by insisting that both parties sign, so
>that you can demonstrate the other person's intent.


You must make sure you generate the document you sign; the other
party can then agree to the document but should never able to
determine the hash beforehand.

Casper