When an employee suspects that an email message is a sophisticated spear phishing attempt, what is the most prudent immediate action for the security team?
Immediately shut down network services to prevent a potential breach
Reply to the sender to confirm the validity of the email
Quarantine the message to initiate a review process
Send out a company-wide alert about the potential spear phishing attempt
The most prudent immediate action is to quarantine the message to prevent any potential harm while maintaining its integrity for further investigation. Initiating a review process entails examining headers, sender information, and URLs using automated or manual procedures without activating any potentially malicious elements. Initiating a company-wide alert may cause unnecessary panic before the threat is confirmed, replying to the sender could lead to further compromise, and shutting down network services is premature and disruptive without evidence of a widespread issue.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'quarantining a message' involve in cybersecurity?
Open an interactive chat with Bash
Why is replying to a suspicious email risky?
Open an interactive chat with Bash
What is spear phishing, and how is it different from phishing?