Overview
Phishing emails and spam are among the most common security threats facing our organization. This article explains how to recognize suspicious emails, what to do if you receive one, and how the IT security team handles phishing reports. We also conduct regular phishing simulations to keep everyone alert – these are training exercises, not real attacks.
How to Recognize a Phishing Email
Warning signs of a phishing or scam email include:
- Unexpected requests for payment, wire transfers, or gift cards
- Urgent or threatening language ("Your account will be closed," "Immediate action required")
- Links that don't match the sender's domain (hover over links to check before clicking)
- Emails appearing to come from DocuSign, Microsoft, or other services asking you to click a link
- Sender email address that looks slightly wrong (e.g., no-reply@docusign.com.fake.net)
- Requests for your username, password, or personal information
- Invoices or payment reminders from unknown vendors
- Emails with subject lines like "Certificate of Insurance," "Past Due Invoice," or "Document to Sign" from unknown parties
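For IT staff triaging reports, two of the signs above (a sender address that only looks like a known service, and links that don't match the sender's domain) can be checked automatically. The following is an added example, not part of our mail tooling: the KNOWN_BRANDS list, the function names and the sample message are constructed for illustration, and the last-two-labels domain comparison is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Hypothetical list: brand label -> the domain that brand really sends from.
KNOWN_BRANDS = {"docusign": "docusign.com", "microsoft": "microsoft.com"}

def base_domain(host):
    # Assumption: approximate the registrable domain by the last two labels.
    # A production check should consult the Public Suffix List (e.g. for .co.uk).
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def check_email(raw):
    """Return a list of warning strings for a raw single-part text message."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    sender_base = base_domain(sender_host)
    warnings = []
    # Sign 1: a brand name appears as a label in the sender host, but the host
    # is not actually under that brand's domain (docusign.com.fake.net).
    for brand, real in KNOWN_BRANDS.items():
        if brand in sender_host.split(".") and sender_base != real:
            warnings.append(f"sender {sender_host} imitates {real}")
    # Sign 2: a link in the body points to a host outside the sender's domain.
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        link_host = urlsplit(url).hostname or ""
        if base_domain(link_host) != sender_base:
            warnings.append(
                f"link host {link_host} does not match sender domain {sender_base}")
    return warnings

# Constructed sample message using the lookalike address from the list above.
SAMPLE = """From: DocuSign <no-reply@docusign.com.fake.net>
To: user@example.com
Subject: Document to Sign

Please review: https://login.example-docs.test/sign?id=1
"""

if __name__ == "__main__":
    for warning in check_email(SAMPLE):
        print(warning)
```

A link-domain mismatch is a reason to review the message, not proof of phishing, since legitimate senders often use third-party link or tracking domains.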
What to Do If You Receive a Suspicious Email
Do NOT click any links, open attachments, or reply to the sender.
Report the email to IT by submitting a helpdesk ticket, or forward it directly to helpdesk@gridworks-eng.com with the subject line "Possible Phishing Email."
If you accidentally clicked a link or entered credentials, contact IT immediately via phone or the helpdesk portal.
About Phishing Simulations (Arctic Wolf)
Our organization runs periodic phishing simulation campaigns through Arctic Wolf as part of our security awareness training program. These simulations send fake phishing emails to employees to test their awareness.
If you receive an email from what appears to be a phishing simulation (e.g., subject line "Disputed items for review"), do not panic. Simply report it to IT via the helpdesk. You will NOT be penalized for reporting simulated phishing emails – in fact, reporting them is encouraged.
If you clicked a link in a simulation email, you may be directed to a security awareness training page. Complete the training and notify IT.
Whitelist / Domain Allow List Requests
If a legitimate external partner's emails are being blocked or flagged as spam, contact IT to request that their domain be added to the allow list. Include the sender's email domain and a brief explanation of your business relationship.
Email Security Tips
- Never share your Microsoft 365 password with anyone, including IT staff
- Enable Multi-Factor Authentication (MFA) on your account
- When in doubt, call the sender directly to verify before clicking any links
- Report suspicious emails promptly – early reporting helps protect the entire organization
Questions? Submit a ticket at the IT helpdesk portal or email helpdesk@gridworks-eng.com.