Step 1 of 5

Agent Opens Email

Solicitor receives email from customer containing instruction reference

Scenario

David Thompson Receives Bank Details

David Thompson, solicitor at Shepherd+Wedderburn, receives an email from his customer Sarah Mitchell. She has submitted her bank account details through the secure portal and is now sending a courtesy notification via email. The email includes a customer reference code: CREF-73D9-221B.

Email from Customer

⚠️ Critical Question: Is This Email Legitimate?

Email alone cannot be trusted. Even if this email appears genuine, David cannot safely act on it without verification. Sarah's email account could be compromised, the email could be spoofed, or a man-in-the-middle could have altered it. The reference code CREF-73D9-221B is the key—but David must verify it through the backend, not trust the email.

Two Possible Scenarios

📧 Email with Reference

Client sends courtesy email mentioning the customer reference code (CREF-XXXX-XXXX). Agent sees the reference in the email body and needs to verify it.

🔔 Internal Notification

Agent receives automated internal alert: "A verified instruction has been submitted by Client X." The portal notifies them of pending instructions to review.

What David Must Do

Never Trust Email Alone

  • The email could be from an attacker who compromised Sarah's mailbox
  • The reference code could be fake or altered
  • The bank details in a follow-up might be fraudulent
  • David must verify CREF-73D9-221B through the backend system
  • Only instructions signed with Sarah's passkey can be trusted

What Happens Next?

Outlook Add-In Verification

David will use the Undoubt Outlook add-in to extract or manually enter the reference code CREF-73D9-221B. The add-in will then query the backend to verify whether this instruction is genuine, who submitted it, when, and what the payload contains.

← All Workflows Next: Extract Reference →