An employee in the finance department receives an email from the CEO asking for immediate review of an attached document labeled 'Financial_Report_2023.xls'. The employee was not expecting any reports today. What potential threat could this file pose if the employee fails to take proper security measures before opening it?
Opening the file will automatically archive older financial reports for efficiency purposes.
The file could be a duplicate of a file already present on the network, leading to data redundancy.
The file may contain malicious code that can execute upon opening, compromising the integrity of the employee's system.
The attachment is likely a template for future financial reports and opening it would set a new standard format.
The scenario describes a common social engineering tactic known as pretexting, where an attacker fabricates a scenario to lure the victim into performing an action they shouldn't. The file 'Financial_Report_2023.xls' could contain a macro or exploit that, once opened, could execute malicious code on the user's system, leading to potential data exfiltration or other security incidents. This threat could materialize if macros are enabled or the file exploits a known vulnerability within the spreadsheet software. The other options are potential outcomes or states of a file but do not describe the immediate threat that an unexpected, unsolicited file could pose.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is pretexting in the context of social engineering?
Open an interactive chat with Bash
What are macros in spreadsheet files and how can they be dangerous?
Open an interactive chat with Bash
What steps can employees take to mitigate risks before opening unexpected email attachments?