An employee receives an email that appears to be from their company's IT department, asking them to confirm their username and password for a new security system by replying directly to the email. Before responding, what should the employee verify to prevent falling victim to a potential social engineering attack?
The employee should check for spelling and grammar mistakes in the email content.
The employee should reply to the email confirming their username but not the password.
The employee should verify the sender's email address matches the company's email format exactly.
The employee should click on any links in the email to see if they lead to the company's official website.