An employee receives an email that appears to be from the CEO and asks for gift cards before a meeting. What should the employee do first?
- A
Report the message through the approved security channel and verify the request by a separate method.
This is correct because urgent gift card requests are a common social engineering tactic. The safest first step is to report the message and verify the request using a known, separate contact method. That prevents accidental compliance and helps the security team evaluate whether the email is fraudulent.
- B
Buy the gift cards immediately so the CEO is not delayed.
Why wrong: Complying without verification can directly reward a scam and cause financial loss.
- C
Forward the email to coworkers so they can watch for the same request.
Why wrong: Forwarding it broadly can spread confusion and does not confirm whether the request is legitimate.
- D
Reply to the sender and ask for more details in the same email thread.
Why wrong: Replying within the same thread may still interact with a spoofed or compromised account and is not a safe verification method.