B - Opening files from unknown source should be verified e.g. the attacker that compromise the account if that make sense

Okay, I will be the one saying C..I know...it might be stupid/wrong but hear me out. So, after some discussions with a few cyber experts, we agreed that both B and C could be the correct options, it really depends on your angle. For option B, the arguments is that the verification could be something set, server side, such as a 2FA(you send a file, you must auth with 2FA) -> valid idea, a bit uncommon, but valid For option C - the idea of having files scanned before being sent by different solutions and then marked as TRUSTED is another way of approaching this since 2FA can be bypassed (looking at MS). So after even more deliberations, if I had this question, I would go with option B as it covers more ground (software fails, but an email protection service fails more often than 2FA)

B is the only one that makes sense.

Chat GPT: Verifying the sender's identity before opening any files is a crucial preventive measure in this context. This can involve double-checking with the sender through a different communication channel before opening unexpected files or links, even if they appear to come from someone you know. This measure helps to mitigate the risk of similar attacks by ensuring that the files or links are genuinely intended and safe to open.

Question mentioned that account was compromised

B. Instant Messenger Applications; verifying the sender's identity before opening any files CEH book, Module 7 - Different Ways for Malware to Enter a System.

It should not be B, as the attacker obtained access to one of the teammate's messenger accounts, so even if you verify the sender's identity, it is not a fake account, it does not help. A is the option for me.

B. Instant Messenger Applications; verifying the sender's identity before opening any files

A option for me