“Hey, are you available?”

by Michael Miller

Why That Text Isn’t the Real Threat (But Still Worth Your Attention)

Today, we received a help ticket from a customer who got a strange text message that said:
“Hey, are you available?”

It looked like it came from her boss. Naturally, she was alarmed because it was sent to her personal cell number, which she believed was private. She did exactly what she should have: she reached out and reported it.

After a quick conversation, we discussed a likely source. Her phone number was listed on a publicly posted resume; it had been out there since she was hired for her current position. It didn’t take a hacker or insider threat to get her number, just a few clicks and a little creativity.

First, we want to be clear:
She did the right thing by being cautious, and we appreciate her reaching out. This is exactly the kind of awareness we want to encourage.

That said, it’s also a great reminder:
What feels private often isn’t. Much of our contact info is surprisingly easy to find between resumes, social media accounts, and online tools. That’s why it’s important to be mindful of what you share and how you use platforms, especially job search sites and social media.

Here’s the key takeaway:
“Hey, are you available?” is a common tactic in phishing scams. It’s vague on purpose, and it’s a low-effort attempt to start a conversation. These messages are sent out in bulk, hoping to catch someone off guard.

But here’s when to be concerned:

  • “Hey, are you available? I need to update the ABC Project in Monday.com.”
  • “Can you resend the interior design proposal we sent to Dan at Smith Corp?”
  • “Are you free to talk about the CRM migration scheduled for later this week?”

Those examples show specific knowledge of your company, clients, or systems. You should escalate the issue if this occurs because it may indicate unauthorized access or targeted social engineering.

What You Can Do:

  • Don’t ignore your instincts. If something feels off, say something.
  • Generic messages = low risk. But they’re still worth reporting if you’re unsure.
  • Watch for details. If a message includes specific project info, act quickly.
  • Limit what you post online. Be careful with resumes, bios, and social media posts.
  • Stick to known channels. If your team uses Teams, Slack, or a known number, trust only that.

And while we’re here, use tools with intention. If your company is a Microsoft shop, try to stay within the Microsoft ecosystem before introducing a third-party app to solve one small issue. The same goes for Google, Salesforce, Netsuite, or any other primary platform your organization uses.

Using 20% of 10 different tools might sound flexible, but it quickly creates an unmanageable, disconnected mess = hard to support, difficult to secure, and a nightmare to maintain.

But enough about that for now. Look for more advice on this topic in an upcoming post.

Bottom line:
It’s not the generic “Hey, are you available?” that puts your data at risk. It’s when the message knows what you’re working on and shouldn’t.

 

Related Blog Posts

by Kristen Morris

AI Has Arrived—and It’s Not Waiting
by Kristen Morris

Overcoming Tech Limitations: Why Small Mindsets Cost Big
by Michael Miller

Some Things Can’t Be Fixed After the Fall