This article covers some of the issues involved when using a Digital Signature. Each Digital Signature is generated from a Digital Certificate (otherwise known as a Digital ID) issued by a certifying authority.
All examples given are created using Microsoft Outlook 2010 on a PC using Microsoft Windows 10, but the principles apply to other versions of Outlook and other email clients.
NOTE: “I am trying to help people make safe financial transactions but I take no responsibility for anyone’s financial loss. Reading and following this information is done at your own risk.” — HC
“The criminals hack into the email chains between sellers and buyers and their solicitors and estate agents. The fraudsters then send an email – usually on the day of sale completion – informing the parties that bank account details have changed at the last minute and that money should be deposited in a different account.” – Robert Mendick, and Nicole Blackmore, The Telegraph
The news is telling us about people who have been defrauded while making financial transactions where they have to exchange large sums of money, particularly when purchasing or selling real estate. This has made me think through the issues and give my two penny worth of advice about how to make safe financial transactions, particularly when email is involved. In particular I refer to the use of Digital Certificates otherwise referred to as Digital IDs (Identities) when sending emails.
Digital Certificates are used to digitally sign an email. When the process is performed correctly by all parties it would take a really massive effort by a fraudster to make his fake email appear genuine.
I cannot deny that steering clear of computers, mobile phones and other forms of IT would be the safest way. Beware of information passed in a phone call too. That could be fraudulent as well.
“We are getting more and more instances of this. The outcome for the fraudster is tremendous. They can earn £1m on the sale of a house in the south-east.” – Steve Proffitt, deputy head of Action Fraud. (Quoted from The Telegraph)
This Article About Safe Financial Transactions Covers:
Methods used to get people’s money by using fraudulent communications,
How to avoid being persuaded to send money to a fraudsters account,
Tesco Personal Finance email@example.com.
As you can see from the image of the email content below if you were to click on the link:
http://www.tescobank.co.uk/1/2/TESCOCAM10;&user=% firstname.lastname@example.org % you will not go to a Tesco website. Look carefully and you will see that the real URL behind the embedded link is displayed above the hand pointer when the hand hovers over the link in the text.
In the facsimile above the obscured paragraph reads:
During our regularly scheduled account maintenance and verification procedures, our records show your Tesco Credit Card Account registered to email user ” < the recipient’s email address >” has been inactive for some days. To securely confirm and reactivate your account please click on the link bellow:
This is not somewhere I’m going and I wouldn’t advise anyone to go there. You might pick up a nasty cold. It looks like a games website in Spain (the domain is “es”). I presume the page looks like a Tesco Finance log-in page. When you enter your log-in credentials the owner of the page can save them and use them to log-in to your real Tesco Finance account and play a dirty trick on you.
This email was delivered to my MS Outlook Inbox from a btinternet.com account. It wasn’t picked up by them as spam nor was it detected by Norton Internet Security, presumably because it is a new kid on the block.
I have forwarded the email to TESCO Bank for their perusal.
So now you know how to check a suspect email. Good luck and watch out.