Hello, thanks as always for reading TechCrunch. We want to talk to you urgently about something important.
A growing number of scammers are impersonating TechCrunch reporters, editors, and event leaders and reaching out to companies, pretending to be our employees when they aren’t at all. (Here’s a list of all our real employees.) These bad actors use our name and reputation to try to scam unsuspecting businesses. It makes us mad and angry in your name. Judging by the increasing number of emails we receive, they ask, “Is this person really working for you?” seems to be happening very actively at the moment.
Undoubtedly, this does not just happen to us; Fraudsters exploit the trust that comes with established media brands to get their foot in the door with companies across the media industry.
Here’s an example of a very common scheme we’ve been following: Fraudsters pose as our reporters to leak sensitive business information to unsuspecting targets. In the few cases we know of, scammers have assumed the identity of real employees, made what looks like a routine media inquiry about the company’s products and asked for an introductory phone call.
Sharp-eyed recipients sometimes catch discrepancies in email addresses that don’t match our real employee credentials (see list of fake email addresses below). But recently, they heard fake journalists who claim to have conferences to talk about it do matched ours, making it a trick to spot a TechCrunch employee from someone who claims to be one.
Indeed, plans are developing quickly; bad actors continue to refine their tactics, imitating the writing styles of journalists, and identifying trends in implementation to make their maps more and more convincing. Equally troubling, victims who consent to phone conversations tell us that fraudsters use those conversations to mine additional identity information. A PR representative told Axios that someone posing as a TechCrunch reporter raised the allegations when they shared a link to the editorial.
Why are these bad actors doing this? We don’t know, or it’s a reasonable guess whether these groups want first access to the network or other sensitive information. In fact, former colleagues at Yahoo say these efforts are consistent with a persistent threat actor they have been tracking who once participated in TechCrunch’s simulation to facilitate account takeover (ATO) and data theft, targeting cryptocurrency, cloud, and other technology companies using various pretexts.
As for what to do with it, if someone reaches out claiming to be from TechCrunch and you have even the slightest doubt that they are legitimate, please don’t just agree. We’ve made it easy for you to verify.
Get started by checking out our TechCrunch staff page. It’s the fastest way to see if the person you’re contacting actually works here. If someone’s name is not on our list, you have your answer right there.
If you see someone’s name on our staff page, but our job description doesn’t match the request you’re getting (eg, TechCrunch’s copy editor is suddenly very interested in reading about your business!), a bad actor may be trying to trick you.
If it sounds like a legitimate request but you want to be doubly sure, you should also feel free to contact us directly and ask. You can learn how to reach each writer, editor, sales manager, marketing guru, and events team member in our bios.
If you are not sure if the message is legitimate, our staff also have other means of communication listed on their official bio pages. Contact us using one of those methods to confirm.
We know it’s frustrating to double-check media inquiries, but these teams are counting on you not to take that extra step. By being vigilant about accreditation, you’re not only protecting your company — you’re also helping to preserve the trust that legitimate journalists rely on to do their jobs.
Thank you. And for your future reference, here’s a list of other TechCrunch simulation sites we’ve seen created over the past few months. None of these are related to us:
email-techcrunch[.]com
hr-techcrunch[.]com
interview-techcrunch[.]com
mail-techcrunch[.]com
media-techcrunch[.]com
noreply-tc-techcrunch[.]com
noreply-techcrunch[.]com
pr-techcrunch[.]com
techcrunch-access[.]com
techcrunch-startups[.]information
techcrunch team[.]com
techcrunch[.]ai
techcrunch[.]biz[.]id
techcrunch[.]bz
techcrunch[.]cc
techcrunch[.]ch
techcrunch[.]com[.]pl
techcrunch[.]gl
techcrunch[.]Mr
techcrunch[.]id
techcrunch[.]it
techcrunch[.]here
techcrunch[.]Lt
techcrunch[.]the net[.]cn
techcrunch1[.]com
