Which of the following is a good practice if one wishes to avoid "social engineering" attacks?
a) Not opening attachments or clicking on links in messages, emails, or on websites unless absolutely sure of the source's authenticity.
b) Being cautious any time someone asks for sensitive information, whether by phone, fax, email, or even in person. It could be a scam.
c) Taking appropriate steps to confirm a person's (or site's) identity for any transaction that involves sensitive data.
d) Using strict procedures when it is necessary to exchange an authentication credential like a password, PIN, account number, or other personal data that is critical to establishing personal identity.
e) All of the above