At DUR Consulting, the integrity of our mandate and the protection of your data are our highest priorities. In an environment of increasing cyber threats—such as CEO fraud, phishing, and man-in-the-middle attacks—we adhere to strict governance protocols to ensure secure collaboration.
This page outlines our binding standards for document validation, communication channels, and fraud prevention. We request all clients and partners to familiarize themselves with these guidelines.
To eliminate the risk of document manipulation, DUR Consulting adheres to a strict "Digital First" policy regarding legally binding agreements.
Authorized Platforms: We transmit binding contracts, mandate agreements, and legal authorizations exclusively via Adobe Sign or Zoho Sign.
No "Simple Scans": A standard PDF containing a scanned image of a handwritten signature is not classified as binding by our internal compliance standards. Please treat such documents with immediate suspicion if they purport to create legal or financial obligations.
Verification: Any binding document received from us will contain a valid digital certificate. You can verify the authenticity within your PDF reader (e.g., the "Blue Ribbon" in Adobe Acrobat) and view the embedded Audit Trail, which logs the IP address and timestamp of the signatory.
Note: If you receive a document that appears to be from DUR Consulting but lacks a verifiable digital signature, please consider it a draft or a potential forgery and contact us immediately.
We maintain a zero-tolerance policy regarding the insecurity of financial data in email communications.
Security Warning: We never change our bank account details via email.
If you receive an email—even one that appears to originate from a legitimate @dur-consulting.com address—requesting you to redirect payments to a new account or a different jurisdiction, do not proceed. This is a hallmark of payment fraud.
Protocol: Any change to financial coordinates requires a multi-factor verification process, including a mandatory verbal confirmation via a known telephone number or a secure notification via our Client Data Room.
We strictly segregate our communication channels based on the confidentiality level of the information being exchanged.
Authorized Channel: Exclusively via our Encrypted Client Data Room.
Prohibited: Do not send high-risk documentation via standard email attachments or instant messengers.
Authorized Channel: Corporate Email (@dur-consulting.com).
Scope: General advisory, strategy alignment, and meeting minutes.
Encryption: We support PGP/S/MIME encryption upon request.
Authorized Channels: Telephone, Signal, Threema, or WhatsApp.
Scope: Scheduling, logistics, and non-critical status updates.
Prohibited: We will never discuss confidential mandate details, strategy, or banking information via instant messaging apps.
If you suspect you have received a fraudulent communication, a manipulated document, or if you observe suspicious activity related to our brand, please report it immediately. Your report will be handled with the highest priority and discretion by our Compliance Officer.
Reporting Email: Forward suspicious emails (preferably as an attachment) to: whistle@dur-consulting.com
To ensure the security of our partnership, we recommend adhering to the following best practices:
Domain Verification (Typosquatting): Always verify the sender's email domain. Legitimate emails come exclusively from @dur-consulting.com. Be wary of subtle variations (e.g., dur-consuiting.com).
Two-Factor Authentication (2FA): Protect your access to our Client Data Room and your own email accounts with a strong second factor (Authenticator App or Hardware Token).
The "Four-Eyes" Principle: In cases of unusual urgency, pressure to act quickly, or requests for strict secrecy regarding payments, always verify the instruction with a second contact person at DUR Consulting.