TechCrunch has issued a critical warning to businesses regarding a significant increase in sophisticated impersonation scams. Fraudsters are actively posing as TechCrunch reporters and event leads, reaching out to companies under false pretenses to illicitly obtain sensitive business information.
The esteemed tech publication notes a recent surge in inquiries from companies asking to verify the legitimacy of individuals claiming to be TechCrunch staff. This indicates a heightened level of activity from these "bad actors" who leverage the brand's reputation to deceive unsuspecting businesses.
Understanding the Impersonation Tactics
This issue isn't unique to TechCrunch; fraudsters are exploiting the trust associated with established news brands across the media industry. The most common scheme involves impostors impersonating reporters to extract proprietary business details.
Scammers often adopt the identities of actual TechCrunch staff members, crafting what appears to be a standard media inquiry about a company's products and requesting an introductory call. While some sharp-eyed recipients might spot discrepancies in email addresses, these schemes are constantly evolving. Fraudsters are refining their tactics, mimicking reporters' writing styles, and referencing current startup trends to make their pitches increasingly convincing.
Even more troubling, victims who have agreed to phone interviews report that these fraudsters use the exchanges to dig for deeper, proprietary information. One PR representative told Axios that suspicions were raised when someone posing as a TechCrunch reporter shared a suspicious scheduling link.
The Motive Behind the Scams
While the exact motivations remain unclear, TechCrunch speculates that these groups are likely seeking initial access to company networks or other sensitive data. Former colleagues at Yahoo have indicated that these attempts align with a persistent threat actor they've tracked, known for engaging in TechCrunch impersonation to facilitate account takeover (ATO) and data theft. These campaigns often target cryptocurrency, cloud, and other tech companies using various pretexts.
How to Verify TechCrunch Outreach
Given the growing threat, TechCrunch urges companies to exercise extreme caution. If you receive an outreach claiming to be from TechCrunch and have even the slightest doubt about its legitimacy, do not take their word for it. Verification is straightforward:
- Check the Official Staff Page: The quickest way to verify is by visiting the official TechCrunch staff page. If the individual's name is not listed, they are not legitimate.
- Match Job Descriptions: Even if a name appears on the staff page, ensure their job description aligns with the request. For instance, a copy editor suddenly showing keen interest in your business might be a red flag.
- Contact Directly: If the request seems legitimate but you want to be doubly certain, feel free to contact TechCrunch directly. Each writer, editor, sales executive, marketing guru, and events team member's bio provides contact information.
TechCrunch acknowledges that double-checking media inquiries can be frustrating, but these fraudulent groups rely on companies skipping this crucial step. By being vigilant and verifying every outreach, businesses not only protect their own sensitive information but also help preserve the trust that legitimate journalists depend on to perform their work.
Known Impersonating Domains
For future reference, TechCrunch has provided a list of some impersonating domains observed in recent months:
- email-techcrunch[.]com
- hr-techcrunch[.]com
- interview-techcrunch[.]com
- mail-techcrunch[.]com
- media-techcrunch[.]com
- noreply-tc-techcrunch[.]com
- noreply-techcrunch[.]com
- pr-techcrunch[.]com
- techcrunch-outreach[.]com
- techcrunch-startups[.]info
- techcrunch-team[.]com
- techcrunch[.]ai
- techcrunch[.]biz[.]id
- techcrunch[.]bz
- techcrunch[.]cc
- techcrunch[.]ch
- techcrunch[.]com[.]pl
- techcrunch[.]gl
- techcrunch[.]gs
- techcrunch[.]id
- techcrunch[.]it
- techcrunch[.]la
- techcrunch[.]lt
- techcrunch[.]net[.]cn
- techcrunch1[.]com
