Because it's company policy to distrust internal communications is incorrect.
Explanation :
Questioning the authenticity of internal emails is crucial in preventing spear phishing attacks, which often impersonate departments like finance to steal sensitive information.