312-50V11 · Question #504
First thing you do every office day is to check your email inbox. One morning, you received an email from your best friend and the subject line is quite strange. What should you do?
The correct answer is C. Forward the message to your company's security response team and permanently delete the. When receiving a suspicious email from a known contact, the correct response is to report it to the security team and delete it - not to reply or simply ignore it.
Question
First thing you do every office day is to check your email inbox. One morning, you received an email from your best friend and the subject line is quite strange. What should you do?
Options
- ADelete the email and pretend nothing happened.
- BForward the message to your supervisor and ask for her opinion on how to handle the situation.
- CForward the message to your company's security response team and permanently delete the
- DReply to the sender and ask them for more information about the message contents.
How the community answered
(49 responses)- A2% (1)
- B2% (1)
- C88% (43)
- D8% (4)
Why each option
When receiving a suspicious email from a known contact, the correct response is to report it to the security team and delete it - not to reply or simply ignore it.
Simply deleting the email fails to report a potential security incident, leaving the organization unaware of a possible compromise or phishing campaign.
A supervisor is not the designated handler for security incidents; escalation should go directly to the security response team, not management.
Forwarding the suspicious email to the company's security response team preserves evidence and allows trained analysts to investigate a potential phishing or account-compromise incident. Permanently deleting the email afterward prevents accidental interaction with any malicious links or attachments. This follows NIST SP 800-61 incident handling best practices by escalating to the appropriate response team.
Replying to the sender could confirm the email address is active to an attacker, and may trigger further phishing attempts or expose additional information.
Concept tested: Suspicious email incident reporting procedure
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Topics
Community Discussion
No community discussion yet for this question.