Phishing emails often rely on mimicking internal communications to foster trust. Which statement best reflects this tactic?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

Phishing emails often rely on mimicking internal communications to foster trust. Which statement best reflects this tactic?

Explanation:
The main idea is that phishing relies on social engineering: it impersonates familiar internal communications to gain trust. When an email mirrors the look, structure, and language of legitimate internal messages (same layout, department names, logos, signature style, and tone), it taps into the recipient’s familiarity and authority cues, so the recipient is less likely to scrutinize it and more likely to act on it, for example by clicking a link or disclosing credentials. That’s why the best statement is that the email is modeled to look similar to legitimate internal communications: it explains the trusted-feel tactic phishers exploit.

The other options don’t fit. Random branding distracts from credibility and isn’t a reliable tactic. Attackers typically leverage recognizable internal branding rather than avoid branding altogether. And phishing isn’t guaranteed to come from truly trusted internal domains, since spoofing or using compromised or look-alike domains is common. The key tactic is mimicking internal communications, not actual internal origin.
