312-50V11 · Question #717
When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it. Wha
The correct answer is A. Forward the message to your company's security response team and permanently delete the. A suspicious email with unusual characters from a known contact is a potential phishing or malware delivery attempt and must be reported to the security team, not handled informally.
Question
When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it. What should you do?
Options
- AForward the message to your company's security response team and permanently delete the
- BReply to the sender and ask them for more information about the message contents.
- CDelete the email and pretend nothing happened.
- DForward the message to your supervisor and ask for her opinion on how to handle the situation.
How the community answered
(23 responses)- A96% (22)
- C4% (1)
Why each option
A suspicious email with unusual characters from a known contact is a potential phishing or malware delivery attempt and must be reported to the security team, not handled informally.
Forwarding the suspicious email to the security response team allows trained analysts to safely examine headers, links, and attachments for indicators of compromise. Permanently deleting the original afterward removes the threat from your mailbox while ensuring the security team retains the evidence they need for investigation and broader organizational response.
Replying to a potentially spoofed or compromised sender confirms your email address is active, may trigger malicious content, and could expose you to further social engineering.
Deleting without reporting denies the security team visibility into a potential active threat against the organization.
A supervisor is unlikely to have the technical expertise to handle a potential security incident and is not the correct escalation path compared to a dedicated security response team.
Concept tested: Phishing incident response and security reporting procedure
Source: https://www.cisa.gov/sites/default/files/publications/Phishing_Guidance_508C.pdf
Topics
Community Discussion
No community discussion yet for this question.