\n<\/p>\n
Hi, thanks as always for reading TechCrunch. We want to talk with you quickly about something important. <\/p>\n
A growing number of scammers are impersonating TechCrunch reporters, editors, and event leads and reaching out to companies, pretending to be our staff when they absolutely are not. (Here is a list of all of our actual staff<\/a>.) These bad actors are using our name and reputation to try to dupe unsuspecting businesses. It drives us crazy and infuriates us on your behalf. Judging by the increased number of emails we\u2019re receiving, asking, \u201cDoes this person really work for you?\u201d it appears to be happening more actively at the moment.<\/p>\n Anecdotally, this isn\u2019t just happening to us; fraudsters are exploiting the trust that comes with established news brands to get their foot in the door with companies across the media industry.<\/p>\n Here\u2019s an example of the most common scheme we\u2019ve been tracking: Impostors are impersonating our reporters to extract sensitive business information from unsuspecting targets. In several cases we know about, scammers have adopted the identity of actual staff members, crafting what looks like a standard media inquiry about a company\u2019s products and requesting an introductory call.<\/p>\n Sharp-eyed recipients sometimes catch discrepancies in email addresses that don\u2019t match our real employees\u2019 credentials (see a list of bogus email addresses below). But more recently, they are hearing from fake reporters who claim to have address conventions that do<\/em> match our own, making it tricker to recognize a TechCrunch employee from someone else claiming to be one. <\/p>\n Indeed, the schemes evolve quickly; bad actors keep refining their tactics, mimicking reporters\u2019 writing styles, and referencing startup trends to make their pitches increasingly convincing. Equally troubling, victims who agree to phone interviews tell us the fraudsters use those exchanges to dig for even more proprietary details. A PR rep told Axios<\/a> that someone posing as a TechCrunch reporter raised suspicions when they shared a scheduling link.<\/p>\n Why are these bad actors doing this? We don\u2019t know, though a reasonable guess is that these are groups looking for initial access to a network or other\u00a0sensitive information. In fact, former colleagues at Yahoo say these attempts align with a persistent threat actor they\u2019ve been tracking who has historically engaged in TechCrunch impersonation to facilitate account takeover (ATO) and data theft, targeting cryptocurrency, cloud, and other tech companies using various pretexts.<\/p>\n As for what to do about it, if someone reaches out claiming to be from TechCrunch and you have even the slightest doubt about whether they\u2019re legitimate, please don\u2019t just take their word for it. We\u2019ve made it easy for you to verify.<\/p>\n Start by checking our TechCrunch staff page<\/a>. It\u2019s the quickest way to see if the person contacting you actually works here. If the individual\u2019s name isn\u2019t on our roster, you\u2019ve got your answer right there.<\/p>\n If you do see someone\u2019s name on our staff page, but our employee\u2019s job description doesn\u2019t square with the request you are receiving (e.g., a TechCrunch copy editor is suddenly very interested in learning about your business!), a bad actor may be trying to con you.<\/p>\n If it sounds like a legitimate request but you want to make doubly certain, you should also feel free to contact us directly and ask. You can learn how to reach each writer, editor, sales executive, marketing guru, and events team member in our bios.<\/p>\n