When an employee suspects that an email message is a sophisticated spear phishing attempt, what is the most prudent immediate action for the security team?
Send out a company-wide alert about the potential spear phishing attempt
Quarantine the message to initiate a review process
Reply to the sender to confirm the validity of the email
Immediately shut down network services to prevent a potential breach
The most prudent immediate action is to quarantine the message to prevent any potential harm while maintaining its integrity for further investigation. Initiating a review process entails examining headers, sender information, and URLs using automated or manual procedures without activating any potentially malicious elements. Initiating a company-wide alert may cause unnecessary panic before the threat is confirmed, replying to the sender could lead to further compromise, and shutting down network services is premature and disruptive without evidence of a widespread issue.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is spear phishing, and how does it differ from regular phishing?
Open an interactive chat with Bash
What steps are involved in the review process after quarantining a suspected spear phishing email?
Open an interactive chat with Bash
Why is it important not to reply to a suspected spear phishing email?