Hey, Are You Available? Don’t Fall for these Phishing Scams
Phishing scams are a growing threat, and it’s crucial to recognize them early. A recent help ticket we received highlighted a typical phishing attempt. The ticket was about a strange text message that read:
“Hey, are you available?“
It looked like it came from her boss. Naturally, she was alarmed because it was sent to her personal cell number, which she believed was private. She did exactly what she should have: she reached out to us and reported it.
After a quick conversation, we discussed a likely source. Her phone number was listed on a publicly posted resume that had been floating out there since she was hired for her current position. It didn’t take a hacker or even an insider threat to get her phone number, just a few clicks, and a little creativity. This is a great example of how social engineering and phishing scams can work without the need for technical hacking methods, and how phishing scams can target seemingly private information.
First, we want to be clear:
She did the right thing by being cautious, and we appreciate her reaching out. This is exactly the kind of cybersecurity awareness and discretion we encourage.
That said, it’s also a great reminder:
What feels private to you often isn’t. Much of our contact info is surprisingly easy to find between resumes, social media accounts, and online tools. That’s why it’s important to be mindful of what you share online and how you use platforms, especially job search sites and social media. This is where data security comes into play—understanding what personal information you have that is public and how it can be exploited for targeted phishing attacks and social engineering.
Here’s the key takeaway:
“Hey, are you available?” is a common tactic used in phishing scams. It’s vague on purpose, and it’s a low effort attempt to start a conversation with you. These phishing scams are sent out in bulk, hoping to catch someone off guard. When phishing scams use your company’s name, tools, or clients, that’s when the situation becomes dangerous.
Here’s when you need to be concerned:
• “Hey, are you available? I need to update the ABC Project in Monday.com.“
• “Can you resend the interior design proposal we sent to Dan at Smith Corp?“
• “Are you free to talk about the CRM migration scheduled for later this week?“
These examples show specific knowledge of your company, clients, or systems. You should escalate the issue if this occurs because it may indicate unauthorized access or social engineering designed to trick employees into revealing sensitive information, a technique commonly used in phishing scams.
What You Can Do if You Believe You Are a Victim of a Phishing Scam:
• Don’t ignore your instincts. If something feels off, say something.
• Generic messages = low risk. But they’re still worth reporting if you’re unsure about them.
• Watch for details. If a message includes specific project info, clients, or systems, it is important to act quickly.
• Limit what you post online. Be careful with resumes, bios, and social media posts.
• Stick to known channels. If your team uses Teams, Slack, or a known number, trust only that.
And while we’re here for you, use tools with intention. If your company is a Microsoft shop, try to stay within the Microsoft ecosystem before introducing a third-party app to solve one small issue. The same goes for Google, Salesforce, Netsuite, or any other primary platform your organization uses. Keeping your Microsoft tools for security consistent can help prevent potential phishing scams from slipping through the cracks.
To further strengthen your defenses against phishing scams, it’s crucial to understand the broader landscape of cybersecurity. Our article on Cybersecurity for Small Organizations: Why You’re Worth It delves into this topic.
Using 20% of 10 different tools might sound flexible, but it quickly creates an unmanageable, disconnected mess that is hard to support, difficult to secure, and a nightmare to maintain. It’s far better to focus on fewer tools that work together seamlessly.
At Keystone, we don’t just manage IT—we execute. We ensure smooth transitions, rock-solid security, and maximum efficiency so your business can thrive. Let us handle the complexity of IT while you stay focused on what matters most—growing your business.
Contact us today to schedule a consultation and see how Keystone delivers results you can trust.