Because emails from internal sources are always suspect is incorrect.
Explanation :
Questioning the authenticity of internal emails is crucial in preventing spear phishing attacks, which often impersonate departments like finance to steal sensitive information.