While the transaction may not have been posted, if it was stopped at your teller window, or otherwise "attempted" then I would treat it the same way as if the transaction was actually conducted. Maybe your customer has a name, phone number, email address, return address, etc that the scammer used.
As far as having to "justify any other scam that comes through that we don't file on if its under the threshold". If we have suspect info we generally file on all scams no matter the dollar amount (unless we are talking about a de minimis amount). If we don't have useful suspect info then we don't file unless it is over the $25000 threshold. FinCEN has really been pushing the idea that the ultimate goal of the BSA is to pass useful information on to law enforcement, so I would hope that examiners wouldn't pick apart voluntary filings (though you never know with some examiners).