Thank you for reading TechCrunch. We want to quickly discuss an important matter. A growing number of scammers are impersonating TechCrunch reporters and event leads to contact companies. These individuals are falsely claiming to be our staff. They are using our name and reputation to try and deceive unsuspecting businesses. This activity is deeply frustrating to us, and we are infuriated on your behalf.
This problem tends to ebb and flow. Currently, judging by the increased number of emails we receive asking if a person really works for us, it appears to be happening more actively. This is not an issue unique to TechCrunch. Fraudsters are exploiting the trust associated with established news brands across the media industry to get their foot in the door with companies.
One common scheme we are tracking involves impostors pretending to be our reporters to extract sensitive business information. In several known cases, scammers have adopted the identities of actual staff members. They craft what looks like a standard media inquiry about a company’s products and then request an introductory call.
Sometimes sharp-eyed recipients catch discrepancies in email addresses that do not match our real employees’ credentials. However, these schemes evolve quickly. Bad actors keep refining their tactics by mimicking reporters’ writing styles and referencing startup trends to make their pitches more convincing. Equally troubling, victims who agree to phone interviews report that the fraudsters use those calls to dig for even more proprietary details. For example, a public relations representative noted that someone posing as a TechCrunch reporter raised suspicions when they shared a scheduling link.
We do not know the exact motive behind these actions, but a reasonable guess is that these are groups looking for initial access to a network or other sensitive information. In fact, former colleagues report that these attempts align with a persistent threat actor who has historically engaged in TechCrunch impersonation to facilitate account takeover and data theft. This actor often targets cryptocurrency, cloud, and other tech companies using various pretexts.
If someone reaches out claiming to be from TechCrunch and you have any doubt about their legitimacy, please do not take their word for it. We have made it easy for you to verify their identity. Start by checking our staff page. It is the quickest way to see if the person contacting you actually works here. If their name is not on our roster, you have your answer.
If you do see a name on our staff page, but the employee’s job description does not match the request you are receiving, a bad actor may be trying to con you. For instance, if a TechCrunch copy editor is suddenly very interested in learning about your business, that is a red flag.
If a request seems legitimate but you want to be absolutely certain, please feel free to contact us directly and ask. You can learn how to reach each writer, editor, sales executive, marketing professional, and events team member in our bios.
We know it is frustrating to have to double-check media inquiries, but these groups are counting on you not taking that extra step. By being vigilant about verification, you are not just protecting your own company. You are also helping to preserve the trust that legitimate journalists depend on to do their jobs.
For your future reference, here is a list of some TechCrunch impersonating domains we have seen created in the last few months: email-techcrunch.com, hr-techcrunch.com, interview-techcrunch.com, mail-techcrunch.com, media-techcrunch.com, noreply-tc-techcrunch.com, noreply-techcrunch.com, pr-techcrunch.com, techcrunch-outreach.com, techcrunch-startups.info, techcrunch-team.com, techcrunch.ai, techcrunch.biz.id, techcrunch.bz, techcrunch.cc, techcrunch.ch, techcrunch.com.pl, techcrunch.gl, techcrunch.gs, techcrunch.id, techcrunch.it, techcrunch.la, techcrunch.lt, techcrunch.net.cn, and techcrunch1.com.