A company's CEO receives an email from what appears to be a trusted source, requesting sensitive financial information for an 'urgent financial audit'. Which of the following is the BEST course of action the CEO should take to verify the legitimacy of this request?
Ignore the email as it is likely to be a scam without taking any further action.
Reply to the email and ask for confirmation that the request is legitimate.
Use the phone number provided in the email to call the trusted source and confirm the request.
Contact the trusted source directly using previously verified contact information to confirm the request.
It is important to verify the legitimacy of requests for sensitive information through a secondary communication channel different from the one used for the initial contact. Directly contacting the supposed source by phone or in person is a best practice for confirming the authenticity of the request, as email addresses can be spoofed to look like they come from a trusted individual. However, a phone call can be part of the scam as well, especially if the phone number provided is part of the phishing attempt. Therefore, using known contact information (not provided in the email) to initiate the secondary verification is critical. Not using the email reply option avoids falling for email address spoofing, and using pre-verified contact information helps ensure the conversation is with the actual trusted source.