312-50V10 · Question #504
First thing you do every office day is to check your email inbox. One morning, you received an email from your best friend and the subject line is quite strange. What should you do?
The correct answer is C. Forward the message to your company's security response team and permanently delete the. A suspicious email from a known contact with an unusual subject line should be reported to the security response team and then permanently deleted to prevent potential malware execution.
Question
First thing you do every office day is to check your email inbox. One morning, you received an email from your best friend and the subject line is quite strange. What should you do?
Options
- ADelete the email and pretend nothing happened.
- BForward the message to your supervisor and ask for her opinion on how to handle the situation.
- CForward the message to your company's security response team and permanently delete the
- DReply to the sender and ask them for more information about the message contents.
How the community answered
(27 responses)- A7% (2)
- B4% (1)
- C89% (24)
Why each option
A suspicious email from a known contact with an unusual subject line should be reported to the security response team and then permanently deleted to prevent potential malware execution.
Deleting the email without reporting it deprives the security team of a potential threat indicator and leaves the organization unaware of a possible phishing campaign or compromised account.
A supervisor is not trained in threat analysis; the correct escalation path for suspicious emails is the dedicated security response or SOC team, not management.
Forwarding the suspicious email to the security response team ensures trained professionals can analyze it for phishing, malware, or account compromise indicators before it can cause harm. Permanently deleting the message afterward removes the threat from your inbox and prevents accidental interaction. This follows standard security incident reporting procedures and protects both the individual and the organization.
Replying to a suspicious email may confirm your address as active to an attacker, trigger auto-execution of malicious content, or provide a social engineering foothold.
Concept tested: Suspicious email security incident reporting procedure
Source: https://www.cisa.gov/resources-tools/resources/phishing-guidance-stopping-attack-cycle-phase-one
Topics
Community Discussion
No community discussion yet for this question.