Using the name of a company CEO in a phishing message raises the trust level of the phishing message by mimicking internal communications.

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

Using the name of a company CEO in a phishing message raises the trust level of the phishing message by mimicking internal communications.

Explanation:
Using the name of a company CEO in a phishing message exploits authority and familiarity to boost the message’s credibility. In social engineering, people tend to trust messages that look like they come from senior leadership or internal communications. When an email appears to be from the CEO, recipients may assume it’s legitimate and act quickly, especially if the message uses the company’s tone, names, and internal cues. This is a classic tactic in spear phishing and business email compromise, where attackers impersonate trusted figures to bypass scrutiny and prompt actions like clicking a link, sharing credentials, or transferring funds.

That’s why the option describing it as raising the trust level by mimicking internal communications is the best fit. It’s not about legality or standard security practice, and it doesn’t reduce trust—quite the opposite, it increases perceived legitimacy by leveraging internal authority. Training and controls that help people verify sender legitimacy, along with technical measures like DMARC, SPF, and DKIM, serve to counter this tactic.
