An employee gets a call from someone claiming to represent technical support, demanding sign-in details to address a pressing service interruption. The employee wants to keep information secure. Which response helps avoid unauthorized access?
Disclose partial login details to confirm the caller’s truthfulness
Provide information if the caller claims an IT role
Consult internal phone records and contact the help desk for validation
Send an alert to coworkers and keep speaking with the caller
Consulting known contact records and speaking with the designated support channel verifies authenticity before any data is shared. Revealing even partial details places information at risk of misuse. Trusting that callers are genuine based solely on an IT label overlooks the possibility of impersonation. Sending a message to colleagues may raise awareness, but continuing the call allows more opportunities for deception.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is social engineering?
Open an interactive chat with Bash
Why is it risky to share even partial login details?
Open an interactive chat with Bash
How can employees validate if a call is legitimate?