The activities that could be considered a potential spear phishing scam are:
A courier delivers a duplicate invoice to a business that contains updated payment details of an existing supplier. This could be a way of diverting funds to a fraudulent account by impersonating a legitimate vendor and exploiting the trust relationship between the business and the supplier1.
Payroll receives an external email from an employee looking to update their bank account information. This could be a way of stealing money from the employee or the employer by pretending to be the employee and requesting a change in the payment method or destination2.
An employee receives an email that asks to download an attachment, but the attachment is a malware. This could be a way of infecting the employee’s computer or network with malicious software that could compromise sensitive data, disrupt operations, or demand ransom3.
The other options are not necessarily spear phishing scams, although they may be other types of fraud or deception. For example:
An employee receives a phone call requesting that money be sent to assist someone in trouble. This could be a vishing scam, which is a form of voice phishing that uses phone calls to solicit personal or financial information or to request money transfers4.
A business sends its employees an email warning that email passwords must be changed to prevent cyber-fraud. This could be a legitimate security measure, or it could be a phishing scam, which is a form of email phishing that targets a broad audience and tries to trick them into revealing their credentials or clicking on malicious links.
Members of a religious organization receive a donation request by email claiming to be from their leader. This could be a genuine appeal, or it could be a social engineering scam, which is a form of manipulation that exploits the human factor and relies on the victim’s emotions, trust, or sympathy.
[References:, ACAMS CAMS Certification Video Training Course - Exam-Labs3, Exam CAMS: Certified Anti-Money Laundering Specialist (the 6th edition)4, ACAMS Study Guide for the Certification Examination, 6th Edition, Chapter 3, page 53: https://www.acams.org/wp-content/uploads/2019/08/ACAMS-Study-Guide-6th-Edition-Chapter-3.pdf, ACAMS Study Guide for the Certification Examination, 6th Edition, Chapter 3, page 54: https://www.acams.org/wp-content/uploads/2019/08/ACAMS-Study-Guide-6th-Edition-Chapter-3.pdf, ACAMS Study Guide for the Certification Examination, 6th Edition, Chapter 3, page 55: https://www.acams.org/wp-content/uploads/2019/08/ACAMS-Study-Guide-6th-Edition-Chapter-3.pdf, ACAMS Study Guide for the Certification Examination, 6th Edition, Chapter 3, page 56: https://www.acams.org/wp-content/uploads/2019/08/ACAMS-Study-Guide-6th-Edition-Chapter-3.pdf, ]