A senior financial officer receives an email demanding an urgent payment to a supplier. The message contains unusual language urging secrecy and immediacy, citing a confidential initiative spearheaded by the company’s top executive. Before proceeding with the financial transaction, which step should the officer take first to confirm the legitimacy of this unusual request?
Verify the request by initiating direct contact with the company's top executive using a previously known and trusted communication method.
Postpone any payment until there's an opportunity to casually confirm the request during a routine meeting with the executive.
Approve a minimal transaction to the demanded account to test for potential fraud alerts before sending the full amount.
Respond to the message requesting additional verification codewords that only the company's executives would know.
The appropriate action is for the officer to verify the request by contacting the top executive directly through a previously known and trusted method of communication, such as a secure phone call. This guards against scams that exploit email, especially when a request departs from standard procedures or typical business practices. Simply replying to the email could result in further interaction with an impostor, and transferring even a small amount may lead to financial loss without proper verification. Delaying action may avoid a hasty mistake, but it does not confirm the authenticity of the request and leaves room for financial or operational damage if the request is legitimate.