After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

An insider threat refers to a security risk that originates from within the organization, typically involving employees or contractors who misuse their access to harm the company. While the caller impersonates someone within the organization, the threat is external, as the caller is not a legitimate employee but rather a potential fraudster attempting to deceive the user.

Email phishing is a specific form of cyber attack where attackers send fraudulent emails to trick recipients into revealing personal information or downloading malware. Although this situation involves a deception, it is not conducted via email; therefore, it does not fit the phishing definition. The scenario describes a phone call rather than an email-based attack.

Executive whaling specifically targets high-level executives for more significant financial gain or data breaches. While the scenario does involve a high-ranking official, the focus is on the deception used to extract information rather than a targeted attack against an executive. This broader approach to social engineering captures the essence of the tactic used in this situation.