About us

Security

Bank Certificates of Ownership

Our customers can download our bank certificates to pay pro forma invoices or to make bank transfers. We make such certificates available to you to minimise online fraud due to phishing attacks. You need to log in first before downloading the certificates. The certificates are in PDF format and are digitally signed.

HTTPS and TLS

You should be already aware that nowadays all legitimate websites use HTTPS, and that TLS certificates are used to encrypt the data between the server and the client (check here for more information on HTTPS and TLS). This is particularly important when you are entering personal data, such as your name, address, email, and particularly when purchasing online. Even though we do not store any critical information such as credit card details, we still use HTTPS and TLS certificates to protect our communications. How to check that the connection with us is secure depends on the browser you are using, but typically you should see a padlock icon next to the URL, see details for Chrome or Firefox browsers. You should also check that the exisitng certificate is that appropriate for the website, ralcoeuropa.eu in our case, and that it is obviouly valid (e.g. it has a trusted certificate chain). You can use online tools such as SSL Labs to check the security of any website.

We encourage our clients to be extra careful when clicking links, in emails or in PDF documents, or when scanning QR codes (which they simply redirect to a URL). Fraudulent links are a common way to steal your data, and they can be easily disguised as legitimate ones. For example, you can check the destination of a link by hovering over it, and checking the URL that appears. Please, make sure that the link from us starts with https://www.ralcoeuropa.eu, in this way you can be sure that you are visiting our website and not a fraudulent one.

Example of using Chrome to check that your connection with us is secure. Ralcoeuropa.eu certificate chain as of 2025.

Ralcoeuropa.eu certificate chain Ralcoeuropa.eu certificate chain

Example use of HTTPS in a online order PDF document

Example use of HTTPS in our online orders

Example use of HTTPS in QR codes

Example use of HTTPS in our QR codes

Digitally Signed PDF documents

Nowadays at Ralco Europa we conduct most of our business online, either through this website, or by communicating with our sales team using emails or WhatsApp. Hence, we take online security, and particularly online fraud, very seriously and we are continuously taking measures to improve our systems.

A prevalent type of online fraud, that as our customer you should be aware of, involve identity supplantation. There are many types of phishing attacks (e.g. here or here), and most of them are not relevant to your relationship with us. The type of phishing attack most relevant for us is that when you receive an email, apparently from us, with a quotation or proforma invoice PDF document to be paid, as usual, by bank transfer. However, a hacker has modified the original email and/or PDF document to add different payment bank details than those previously mentioned, typically to a bank in a country different than ours.

Such modus operandi has happened to us twice. The first time was in 2022, and it was caused by one of our email accounts being hacked. Luckily, the client that received the modified PDF document, with a different bank account, confirmed with us first and no harm was done. The second time was in 2024, when this time the email account of our client was hacked, and again received one of our PDF documents but modified with a different bank account. Unfortunately, this time the client paid.

Both incidents involved a man-in-the-middle (MiTM) attack, whereby a hacker obtained a valid PDF document from us, modified it, and then it would send it to the customer from ‘us’. For this reason, we are going to start digitally signing the PDF documents in order for you to check the validity of such document, or if it has been modified somehow. We plan that most of the PDF documents obtained through this website Clients Area to be digitally signed. Unfortunately, our ERP software currently does not have such capabilities, hence the PDF documents received by email wont be signed at this point.

The following is a tutorial on how you can check the validity of signed PDF documents received from us, and to verify if they have been modified in any way. To easily check digital certificates in PDF documents, it is recommended that you open them with an appropriate software, and not with your browser or email client. The following tutorial uses the free Adobe Acrobat Reader and PDF X-Change Editor as examples.

Example using Adobe Acrobat Reader

Original PDF with Adobe Acrobat Reader

Example using PDF-XChange Editor

Original PDF with PDF-XChange Editor

Let us consider the above pro-forma invoice of a single connecting rod which includes the bank details to perform the payment. Once it is opened, there are two things to check: 1) that the certificate is valid and belongs to Ralco Europa, and 2) that the document has not been modified since it was signed. Both information can be found in the Signature Panel of the software, or by clicking the top image in the document that visually identifies that the PDF as being digitally signed.

Les us consider now that to this PDF document we add several annotations, such as extra text, a black rectangle, an arrow and underline some text. The newly saved PDF document will still have a valid digital certificate; however, you should observe that there are modifications that are not digitally signed – evidence of a hacked document.

Example using Adobe Acrobat Reader

Modified PDF with Adobe Acrobat Reader

Example using PDF-XChange Editor

Modified PDF with PDF-XChange Editor

Importantly, even if the document has modifications, it is still possible to check which was the original PDF document that was initially signed, and hence from us; the links are shown above for the two software used.