New Enroll here to Join NaBFID Analyst Into Class on May 6

    Question

    An employee in a financial organization receives an

    email claiming to be from the company CEO, asking them to urgently transfer funds to a specific account. The email contains grammatical errors but includes the CEO's name and email address. What should the employee do in this situation?
    A Reply to the email asking for clarification. Correct Answer Incorrect Answer
    B Transfer the funds immediately to avoid delays. Correct Answer Incorrect Answer
    C Report the email to the IT security team without replying. Correct Answer Incorrect Answer
    D Verify the request by calling the CEO using the number provided in the email. Correct Answer Incorrect Answer
    E Forward the email to colleagues to verify its legitimacy. Correct Answer Incorrect Answer

    Solution

    This situation is a classic example of phishing, where attackers impersonate someone trustworthy to steal sensitive information or finances. The best practice is to report the email to the IT security team without engaging with the sender. By doing so: 1. The organization’s security team can investigate and mitigate further risks. 2. The employee avoids unintentionally providing information or falling into the trap. 3. Reporting helps educate others in the organization about the phishing attempt. Replying to the email or calling the number provided could expose more information or lead to further attacks, making non-engagement critical. Why Other Options Are Incorrect: • A) Replying: Engaging with the sender can reveal personal or organizational information. • B) Transferring funds: Taking action without verification risks financial loss. • D) Calling the number in the email: The number might lead to the attacker directly. • E) Forwarding the email: Sharing it risks spreading malware if attachments or links are clicked.

    Practice Next