Step 7: Email Reference (Optional) - Customer Instruction Journey

✓ Instruction Successfully Submitted!

Your bank account details have been securely submitted to your legal team.

Your Reference Code:

CREF-73D9-221B

If you are also sending an email to your solicitor, please include this reference.

Optional: Email Your Solicitor

From: sarah.mitchell@email.com

To: david.thompson@shepwedd.com

Subject: Bank Details Submitted - Property Purchase

Hi David,

I've just submitted my bank account details through the secure verification portal for receiving the completion funds.

📋 Verified Instruction Reference: CREF-73D9-221B

Please let me know if you need anything else from me.

Best regards,
Sarah Mitchell

🔑 Key Point: Reference Code is Unforgeable

Even if this email is hacked or spoofed, the reference cannot be faked: An attacker might compromise Sarah's email and send a message with a fake reference code, but David Thompson can instantly verify the reference against the backend database. Only legitimate, passkey-signed instructions generate valid CREF codes.

Email is Optional, Not Required

The Instruction is Already Received

Sarah does not need to send an email—her instruction is already securely recorded in the firm's backend system. The email is purely a courtesy notification. Even if she doesn't send it, David Thompson can see the instruction in his secure portal dashboard.

The instruction exists in the backend database
David can view it in the firm's secure portal
Email is only for convenience/notification
The reference code links email to the verified instruction

Attack Scenarios Defeated

❌ Attacker Compromises Email

Attacker sends email from sarah.mitchell@email.com with fake reference "CREF-FAKE-1234" and fraudulent bank details. David checks the backend—reference invalid. Instruction rejected. Attack fails.

✓ Legitimate Client Instruction

Sarah's email includes "CREF-73D9-221B". David checks backend—reference valid, signed with Sarah's passkey, timestamped, all details match. Instruction processed with confidence.

How the Solicitor Verifies

David Thompson's Verification Process

Receives email from Sarah mentioning reference CREF-73D9-221B
Opens firm's secure portal dashboard
Searches for reference code CREF-73D9-221B
Backend shows: ✓ Valid, ✓ Sarah Mitchell, ✓ Passkey-signed, ✓ Timestamp 9 Dec 2025
Views full instruction payload with bank details
Proceeds with confidence—cryptographic proof exists

Complete Workflow Summary

What Was Achieved

Step 1: Sarah visited the secure portal at shepwedd.com/verify
Step 2: She authenticated with her passkey (Face ID/Touch ID/Windows Hello)
Step 3: She selected "Bank Account Details" from the instruction menu
Step 4: She entered her bank details with real-time validation
Step 5: She cryptographically signed the instruction with her passkey
Step 6: Backend created permanent, immutable record CREF-73D9-221B
Step 7: (Optional) She included reference in a courtesy email

Result: Complete protection against email compromise, phishing, man-in-the-middle attacks, and fraudulent instructions. Both client and firm have cryptographic proof of authenticity.