FYI: Impersonators are (still) targeting companies with fake TechCrunch outreach

Hi, thanks as always for reading TechCrunch. We want to talk with you quickly about something important.

A growing number of scammers are impersonating TechCrunch reporters, editors, and event leads and reaching out to companies, pretending to be our staff when they absolutely are not.

(Here is a list of all of our actual staff. )

These bad actors are using our name and reputation to try to dupe unsuspecting businesses.

It drives us crazy and infuriates us on your behalf. Judging by the increased number of emails we’re receiving, asking, “Does this person really work for you?” it appears to be happening more actively at the moment.

Anecdotally, this isn’t just happening to us; fraudsters are exploiting the trust that comes with established news brands to get their foot in the door with companies across the media industry.

Here’s an example of the most common scheme we’ve been tracking: Impostors are impersonating our reporters to extract sensitive business information from unsuspecting targets.

In several cases we know about, scammers have adopted the identity of actual staff members, crafting what looks like a standard media inquiry about a company’s products and requesting an introductory call. Sharp-eyed recipients sometimes catch discrepancies in email addresses that don’t match our real employees’ credentials (see a list of bogus email addresses below).

But more recently, they are hearing from fake reporters who claim to have address conventions that do match our own, making it tricker to recognize a TechCrunch employee from someone else claiming to be one.

Indeed, the schemes evolve quickly; bad actors keep refining their tactics, mimicking reporters’ writing styles, and referencing startup trends to make their pitches increasingly convincing. Equally troubling, victims who agree to phone interviews tell us the fraudsters use those exchanges to dig for even more proprietary details. A PR rep told Axios that someone posing as a TechCrunch reporter raised suspicions when they shared a scheduling link. Why are these bad actors doing this? We don’t know, though a reasonable guess is that these are groups looking for initial access to a network or other sensitive information.

In fact, former colleagues at Yahoo say these attempts align with a persistent threat actor they’ve been tracking who has historically engaged in TechCrunch impersonation to facilitate account takeover (ATO) and data theft, targeting cryptocurrency, cloud, and other tech companies using various pretexts.

As for what to do about it, if someone reaches out claiming to be from TechCrunch and you have even the slightest doubt about whether they’re legitimate, please don’t just take their word for it. We’ve made it easy for you to verify. Start by checking our TechCrunch staff page. It’s the quickest way to see if the person contacting you actually works here. If the individual’s name isn’t on our roster, you’ve got your answer right there. If you do see someone’s name on our staff page, but our employee’s job description doesn’t square with the request you are receiving (e. , a TechCrunch copy editor is suddenly very interested in learning about your business!

), a bad actor may be trying to con you.

If it sounds like a legitimate request but you want to make doubly certain, you should also feel free to contact us directly and ask. You can learn how to reach each writer, editor, sales executive, marketing guru, and events team member in our bios.

If you’re not sure a message is legitimate, our staff also have alternate communication methods listed in their official bio pages.

Reach out using one of those alternate methods to confirm. We know it’s frustrating to have to double-check media inquiries, but these groups are counting on you not taking that extra step. By being vigilant about verification, you’re not just protecting your own company — you’re also helping preserve the trust that legitimate journalists depend on to do their jobs. And for your future reference, here’s a list of some of the TechCrunch impersonating domains that we’ve seen created within the last few months. None of these are affiliated with us: