Several suspicious emails are being reported from end users. Organizational email is hosted by a SaaS provider. Upon investigation, the URL in the email links to a phishing site where users are prompted to enter their domain credentials to reset their passwords.
Which of the following should the cloud administrator do to protect potential account compromise?
A . Forward the email to the systems team distribution list and provide the compromised user list.
B . Click on the URL link to verify the website and enter false domain credentials.
C . Change the encryption key for the entire organization and lock out all users from using email until the issue is remediated.
D . Notify users who received the email to reset their passwords regardless of whether they click on the UR