An employee gets a call from someone claiming to represent technical support, demanding sign-in details to address a pressing service interruption. The employee wants to keep information secure. Which response helps avoid unauthorized access?
Send an alert to coworkers and keep speaking with the caller
Disclose partial login details to confirm the caller’s truthfulness
Provide information if the caller claims an IT role
Consult internal phone records and contact the help desk for validation
Consulting known contact records and speaking with the designated support channel verifies authenticity before any data is shared. Revealing even partial details places information at risk of misuse. Trusting that callers are genuine based solely on an IT label overlooks the possibility of impersonation. Sending a message to colleagues may raise awareness, but continuing the call allows more opportunities for deception.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is social engineering in cybersecurity?
Open an interactive chat with Bash
Why is it important to verify the legitimacy of callers claiming to be IT support?
Open an interactive chat with Bash
What are best practices for preventing unauthorized access through phone calls?