diff --git a/src/main/java/com/stripe/net/Webhook.java b/src/main/java/com/stripe/net/Webhook.java
index 09505f70873..eb33976c4f5 100644
--- a/src/main/java/com/stripe/net/Webhook.java
+++ b/src/main/java/com/stripe/net/Webhook.java
@@ -183,7 +183,11 @@ private static long getTimestamp(String sigHeader) {
       for (String item : items) {
         String[] itemParts = item.split("=", 2);
         if (itemParts[0].equals("t")) {
-          return Long.parseLong(itemParts[1]);
+          try {
+            return Long.parseLong(itemParts[1]);
+          } catch (NumberFormatException e) {
+            return -1;
+          }
         }
       }
 
diff --git a/src/test/java/com/stripe/net/WebhookTest.java b/src/test/java/com/stripe/net/WebhookTest.java
index 3e1357b6bf3..15c6bd4f24b 100644
--- a/src/test/java/com/stripe/net/WebhookTest.java
+++ b/src/test/java/com/stripe/net/WebhookTest.java
@@ -160,6 +160,45 @@ public void testMalformedHeader() throws SignatureVerificationException {
     assertEquals("Unable to extract timestamp and signatures from header", exception.getMessage());
   }
 
+  @Test
+  public void testNonNumericTimestamp() throws SignatureVerificationException {
+    final String sigHeader = "t=not_a_number,v1=some_signature";
+
+    Throwable exception =
+        assertThrows(
+            SignatureVerificationException.class,
+            () -> {
+              Webhook.Signature.verifyHeader(payload, sigHeader, secret, 0, null);
+            });
+    assertEquals("Unable to extract timestamp and signatures from header", exception.getMessage());
+  }
+
+  @Test
+  public void testEmptyTimestampValue() throws SignatureVerificationException {
+    final String sigHeader = "t=,v1=some_signature";
+
+    Throwable exception =
+        assertThrows(
+            SignatureVerificationException.class,
+            () -> {
+              Webhook.Signature.verifyHeader(payload, sigHeader, secret, 0, null);
+            });
+    assertEquals("Unable to extract timestamp and signatures from header", exception.getMessage());
+  }
+
+  @Test
+  public void testOverflowTimestampValue() throws SignatureVerificationException {
+    final String sigHeader = "t=99999999999999999999,v1=some_signature";
+
+    Throwable exception =
+        assertThrows(
+            SignatureVerificationException.class,
+            () -> {
+              Webhook.Signature.verifyHeader(payload, sigHeader, secret, 0, null);
+            });
+    assertEquals("Unable to extract timestamp and signatures from header", exception.getMessage());
+  }
+
   @Test
   public void testNoSignaturesWithExpectedScheme()
       throws SignatureVerificationException, NoSuchAlgorithmException, InvalidKeyException {