A member of the IT department received a call from an individual claiming to be from the telecommunications company that provides services to the organization. The caller asked the IT staff member to confirm sensitive configuration details about the company's PBX system to help resolve an alleged network issue. Which of the following is the BEST course of action for the IT staff member to take?
Place the caller on a brief hold to inform a supervisor about the request and then return to share the information
Tell the caller to send an official request for information through email and then proceed with the call
Verify the caller's identity by calling back on a known, official number of the telecommunications company before providing any information
Share the requested information to resolve the network issue promptly as the caller seems knowledgeable about the company's telecommunications setup
The best action is to verify the caller's identity by calling back on a known, official phone number for the telecommunications provider before discussing sensitive information. Providing such details over the phone without verification can lead to security breaches. Unverified calls, especially those requesting sensitive information, are likely to be vishing attacks, in which attackers attempt to extract critical information by impersonating legitimate entities. Unlike the incorrect options, immediate verification is critical and is the proper protocol in such situations; informing a supervisor is also advisable but does not directly address the potential immediate threat. Sharing the requested information, or placing the caller on a brief hold without attempting to verify their identity, does not reduce the risk associated with the potential vishing attempt.