An employee in a financial organization receives an email claiming to be from the company CEO, asking them to urgently transfer funds to a specific account. The email contains grammatical errors but includes the CEO's name and email address. What should the employee do in this situation?

This situation is a classic example of phishing, where attackers impersonate someone trustworthy to steal sensitive information or finances. The best practice is to report the email to the IT security team without engaging with the sender. By doing so: 1. The organization’s security team can investigate and mitigate further risks. 2. The employee avoids unintentionally providing information or falling into the trap. 3. Reporting helps educate others in the organization about the phishing attempt. Replying to the email or calling the number provided could expose more information or lead to further attacks, making non-engagement critical. Why Other Options Are Incorrect: • A) Replying: Engaging with the sender can reveal personal or organizational information. • B) Transferring funds: Taking action without verification risks financial loss. • D) Calling the number in the email: The number might lead to the attacker directly. • E) Forwarding the email: Sharing it risks spreading malware if attachments or links are clicked.