Phishing & Scam Awareness and Reporting

Overview

Phishing and scams are attempts by criminals to trick you into giving away sensitive information, money, or access to company systems.

These attacks can come through:

  • Email (Phishing)
  • Text messages (Smishing)
  • Phone calls (Vishing)
  • Social media messages
  • Fake websites
  • Payment or gift card requests

These threats target both individuals and organizations. Awareness and quick reporting help protect everyone.


What Is Phishing?

Phishing is when someone pretends to be a trusted person, company, or organization to trick you into:

  • Entering your username and password
  • Sharing verification (MFA) codes
  • Clicking malicious links
  • Downloading infected attachments

The goal is usually to gain access to accounts or steal data.


What Is a Scam?

A scam is a broader attempt to deceive someone for financial gain or sensitive information.

Common workplace scams include:

  • Gift card purchase requests
  • Fake invoices
  • Payroll or direct deposit change requests
  • “CEO” or leadership impersonation
  • Tech support scams
  • Fake job or vendor requests

Scams often create urgency to pressure you into acting quickly.


Common Warning Signs

Be cautious if you notice:

  • Urgent language (“Act immediately” or “Final notice”)
  • Threats (“Your account will be suspended”)
  • Requests for passwords or verification codes
  • Requests for gift cards or wire transfers
  • Unusual payment instructions
  • Unexpected attachments
  • Poor grammar or misspellings
  • Email addresses that look similar but slightly incorrect
  • Links that don’t match the company website when hovered over

If something feels rushed, secretive, or unusual — pause and verify.


High-Risk Scenarios

Extra caution is required when emails involve:

  • Payroll changes
  • Banking information updates
  • Vendor payment instructions
  • Wire transfers
  • Leadership requesting confidential information
  • Account login verification

These are commonly targeted areas.


What NOT To Do

If you suspect phishing or a scam:

  • Do NOT click links
  • Do NOT open attachments
  • Do NOT reply to the sender
  • Do NOT provide passwords or MFA codes
  • Do NOT purchase gift cards or send money

What TO Do

  1. Do not interact with the message.
  2. Take a screenshot if needed.
  3. Report it immediately (see below).
  4. Delete the message after reporting.

If you are unsure whether something is legitimate, report it anyway.


How to Report Phishing or a Scam

If you receive a suspicious message:

  1. Forward it to:

    itsupport@behavioralframework.com

OR

  1. Submit a Help Scout ticket with:
    • Subject line: Phishing/Scam Report
    • Screenshot of the message
    • Brief description

Early reporting helps protect the entire organization.


If You Clicked or Responded

If you accidentally:

  • Clicked a suspicious link
  • Entered your credentials
  • Shared sensitive information
  • Sent payment or gift cards

Immediately:

  1. Disconnect from Wi-Fi (if possible).
  2. Contact IT Support right away.
  3. Submit a ticket marked:

    URGENT – Possible Phishing/Scam Incident

  4. Bring your device to IT.

The sooner IT is notified, the better the outcome.


Important Reminders

IT will NEVER ask you for:

  • Your password
  • Your MFA verification code
  • Gift cards
  • Personal banking details

If you receive a request like this, it is likely fraudulent.


Why Reporting Matters

Prompt reporting allows IT to:

  • Block malicious senders
  • Warn other staff
  • Prevent financial loss
  • Protect company data
  • Reduce risk exposure

Security is everyone’s responsibility.
