Swisscom bills / a crime-pusher

hello everyone,

a little note dedicated to the person who created the layout of the email regarding the latest invoice (April-May 2023).

the email is digitally signed (S/MIME) and that’s fine. 😎

but, two negative feedbacks:

- the email, concerning its text part, is only in HTML, of which here are the first lines of the code:

<!doctype html>

<html xmlns=“http://www.w3.org/1999/xhtml” xmlns:v=“urn:schemas-microsoft-com: vml” xmlns:o=“urn:schemas-microsoft-com:office:office” lang=“en”>

<head>

<meta http-equiv=“content-type” content=“text/html; charset=utf-8”>

<meta content=“text/css;charset=utf-8” http-equiv=“Content-Style-Type”>

<meta http-equiv=“X-UA-Compatible” content=“IE=edge,chrome=1”>

<meta name=“generator” content=“AEM Forms Editor”>

<meta name=“x-apple-disable-message-reformatting”>

<meta name=“viewport” content=“width=device-width, initial-scale=1.0”>

<style type=“text/css”>

whereas for reasons of compatibility and security (e-mail clients do not natively display HTML, for example), it is recommended to send missives simultaneously in plain text and HTML, as Thunderbird can very well do.

- second, more serious point: inviting the customer to click on links found in the email… whereas cybersecurity specialists recommend never clicking on one or more links found in a company’s message known (or unknown), but to go directly to your customer area from your browser by typing the URL in the address bar (or in bookmarks/favorites).

hoping to have helped the accounting department a little.

Show original language (French)
2 months later

Screenshot_20230811_133652.png

This post is in English
6 months later

@LeylaG

in the configuration of the customer account, I just noticed that it would be possible to receive invoices in PDF directly by email.

ok, but then, in this case, it would be good if the e-mails in question were encrypted in order to comply with the LPD (data protection law) following the TOM (application guide) of the PFPDT (Federal Data Protection Officer). data protection and transparency):

[www.edoeb.admin.ch/dam/edoeb/fr/Dokumente/datenschutz/leitfaden_tom.pdf.download.pdf/TOM_FR.pdf](https://www.edoeb.admin.ch/dam/ edoeb/fr/Dokumente/datenschutz/leitfaden_tom.pdf.download.pdf/TOM_FR.pdf)

because I remind you that: www.arobase.org/securite/failles.htm

note that today subscriber <-> ISP and ISP <-> various parties (ISP, hosts, administrations and companies) connections are, in principle, encrypted.

and that this is not necessarily paying, unlike S/MIME:

fr.wikipedia.org/wiki/OpenPGP

➡️ the subscriber places his public PGP key in the customer area and that’s it. ⬅️

some software:

- a free e-mail client: www.thunderbird.net/fr/
- a web browser plugin: mailvelope.com
- a plugin for Outlook (PC): www.gpg4win.de
- for iOS (iPhone): pgpro.app
- for Android: email.faircode.eu

finally, presentation of the encryption technique used in this scenario:

fr.wikipedia.org/wiki/Cryptographie_asym%C3%A9trique

Show original language (French)

@merinos

Swisscom emails are encrypted/encrypted

For the security of its customers, Swisscom has no longer authorized unencrypted email transmission from the end of June 2019.

In Webmail and the Bluewin app, the communication channel between your device and the Bluewin email servers is always automatically encrypted. If you only use Webmail or the Bluewin app, no changes are necessary.

regarding PDF invoices sent by email

a valid and approved numeric signature is always attached to the message

Encrypted email.png

Show original language (French)

“On apprend parfois plus d'une défaite que d'une victoire” — José Raúl Capablanca

@Black Mamba

reread my first message in which I mention the signature by an S/MIME certificate.

so, no… I have never received any encrypted emails from Swisscom.

which is quite logical, how would they have obtained my public key?

in fact, I was thinking of a service offered for a few years by Facebook, of which here is a screenshot found on the net:

164091.png

and in order to use the right words: chiffrer.info

read the entirety of the short definitions going down to the author.

Show original language (French)

@LeylaG

in addition to the French language version already mentioned, here is the TOM of the PFPDT in…

- Italian language:

[www.edoeb.admin.ch/dam/edoeb/it/Dokumente/datenschutz/leitfaden_tom.pdf.download.pdf/TOM_IT.pdf](https://www.edoeb.admin.ch/dam/ edoeb/it/Dokumente/datenschutz/leitfaden_tom.pdf.download.pdf/TOM_IT.pdf)

- German language:

[www.edoeb.admin.ch/dam/edoeb/de/Dokumente/datenschutz/leitfaden_tom.pdf.download.pdf/TOM_DE.pdf](https://www.edoeb.admin.ch/dam/ edoeb/de/Dokumente/datenschutz/leitfaden_tom.pdf.download.pdf/TOM_DE.pdf)

- English language:

[www.edoeb.admin.ch/dam/edoeb/en/Dokumente/datenschutz/leitfaden_tom.pdf.download.pdf/TOM_EN.pdf](https://www.edoeb.admin.ch/dam/ edoeb/en/Dokumente/datenschutz/leitfaden_tom.pdf.download.pdf/TOM_EN.pdf)

…for your non-French-speaking colleagues.

Show original language (French)
19 days later
21 days later