impersonators are (still) targeting companies with fake techcrunch outreach

TechCrunch Warns of Increasing Impersonation Scams

We are addressing a critical issue that requires your immediate attention. A concerning rise in fraudulent activity involves individuals falsely representing themselves as TechCrunch reporters and event personnel.

Scammers Exploiting TechCrunch's Reputation

These malicious actors are leveraging the TechCrunch brand to deceive businesses. They aim to gain trust through misrepresentation, and this trend is causing significant concern. We've observed a recent surge in inquiries asking us to verify the authenticity of individuals claiming affiliation with our organization.

This issue isn’t isolated to TechCrunch; similar exploitation of established news brands is occurring throughout the media landscape, allowing fraudsters to gain initial access to potential targets.

Common Scam Tactics

The most prevalent scheme involves impostors posing as our journalists to solicit confidential business details. Scammers often mimic the communication style of actual staff members, initiating contact with seemingly standard media requests and proposing introductory conversations.

While some recipients identify fraudulent emails through mismatched addresses, the sophistication of these scams is increasing. Impostors are now utilizing email conventions that closely resemble legitimate TechCrunch formats, making detection more difficult.

These schemes are constantly evolving, with bad actors refining their techniques and referencing current startup trends to enhance their credibility. Victims who engage in phone calls report that these conversations are used to extract even more proprietary information.

Motives Behind the Scams

The precise motivations remain unclear, but it’s likely these groups seek initial access to networks or other sensitive data. Reports from former colleagues at Yahoo suggest a connection to a persistent threat actor known for previous TechCrunch impersonations, aimed at account takeover and data theft, particularly targeting companies in the cryptocurrency and cloud sectors.

How to Protect Yourself

If you receive unsolicited communication from someone claiming to represent TechCrunch, exercise extreme caution. Do not rely solely on their claims of affiliation.

Verification Steps

• Check Our Staff Page: The quickest method is to verify the individual’s name on our official TechCrunch staff page.
• Review Job Descriptions: If a name appears on the staff page, ensure the individual’s role aligns with the nature of the request.
• Contact Us Directly: For further confirmation, contact us directly through the contact information provided in our staff bios.

We understand that verifying media inquiries can be inconvenient, but these scammers rely on your lack of scrutiny. Your vigilance protects not only your company but also the integrity of legitimate journalism.

Known Fraudulent Domains

For your reference, here is a list of domains used in recent TechCrunch impersonation attempts:

• email-techcrunch[.]com
• hr-techcrunch[.]com
• interview-techcrunch[.]com
• mail-techcrunch[.]com
• media-techcrunch[.]com
• noreply-tc-techcrunch[.]com
• noreply-techcrunch[.]com
• pr-techcrunch[.]com
• techcrunch-outreach[.]com
• techcrunch-startups[.]info
• techcrunch-team[.]com
• techcrunch[.]ai
• techcrunch[.]biz[.]id
• techcrunch[.]bz
• techcrunch[.]cc
• techcrunch[.]ch
• techcrunch[.]com[.]pl
• techcrunch[.]gl
• techcrunch[.]gs
• techcrunch[.]id
• techcrunch[.]it
• techcrunch[.]la
• techcrunch[.]lt
• techcrunch[.]net[.]cn
• techcrunch1[.]com