A company's CEO receives an email from what appears to be a trusted source, requesting sensitive financial information for an 'urgent financial audit'. Which of the following is the BEST course of action the CEO should take to verify the legitimacy of this request?
Ignore the email as it is likely to be a scam without taking any further action.
Contact the trusted source directly using previously verified contact information to confirm the request.
Reply to the email and ask for confirmation that the request is legitimate.
Use the phone number provided in the email to call the trusted source and confirm the request.
It is important to verify the legitimacy of requests for sensitive information through a secondary communication channel, different from the one used for the initial contact. Directly contacting the supposed source by phone or in person is a best practice for confirming the authenticity of the request, because email addresses can be spoofed to look as if they come from a trusted individual. However, a phone call can also be part of the scam, especially if the phone number was supplied in the email as part of the phishing attempt. Therefore, using known contact information (not taken from the email) to initiate the secondary verification is critical. Avoiding the email reply option prevents falling for email address spoofing, and using pre-verified contact information helps ensure the conversation is with the actual trusted source.