An employee receives an email that appears to be from their company's IT department, asking them to confirm their username and password for a new security system by replying directly to the email. Before responding, what should the employee verify to prevent falling victim to a potential social engineering attack?
The employee should verify the sender's email address matches the company's email format exactly.
The employee should check for spelling and grammar mistakes in the email content.
The employee should click on any links in the email to see if they lead to the company's official website.
The employee should reply to the email confirming their username but not the password.
The correct action the employee should take is to verify the authenticity of the request via a known, independent communication channel. By confirming with the IT department through a separate email, phone call, or in person, the employee can ensure that the request is legitimate and not a phishing attempt. Phishing emails often mimic official communications to trick users into divulging sensitive information; hence, it is critical to independently confirm any out-of-the-ordinary or unsolicited requests for credentials.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is social engineering and how does it relate to phishing?
Open an interactive chat with Bash
How can I verify if an email is legitimate without responding directly to it?
Open an interactive chat with Bash
What should I do if I suspect an email is a phishing attempt?