Chuck wants to help his organization protect against business email compromise (BEC) attacks. Which of the following is not a common best practice to defend against BEC?

While attachments are a common vector for BEC attacks, deleting all attachments is not a common practice. Instead, users should be taught to be careful about clicking on and opening attachments, particularly on unsolicited email. Using two-factor authentication, reviewing suspicious emails for potential indicators of BEC, and not clicking on URLs but instead visiting sites manually are all common anti-BEC practices.