Rising Impersonation Fraud: How to Protect Your Company from Scammers Impersonating TechCrunch

Recently, there has been a noticeable increase in the phenomenon of impersonating TechCrunch journalists and event officials. These scammers target companies, claiming to be employees of TechCrunch with the aim of fraud. These fraudsters rely on TechCrunch's prestigious name and reputation to deceive unsuspecting companies. The increase in the number of emails TechCrunch receives inquiring about the authenticity of callers indicates a rise in this online fraud.

Definition of Impersonation Fraud

Impersonation fraud is a deceptive act in which a perpetrator pretends to be someone else, with the aim of exploiting unsuspecting victims to obtain sensitive information or achieve illicit gains. This is often done online, by creating fake accounts or using a forged identity on social media platforms or email to deceive others, and can lead to data theft or financial fraud. Source: Bitdefender, Source: Bolster.ai.

This is not limited to TechCrunch only; fraudsters exploit the trust placed in well-known news brands to infiltrate companies across the media industry. Among the most common fraud methods tracked are impersonating journalists to extract sensitive business information from victims. In several cases, fraudsters adopted the identities of real employees, crafted seemingly natural media inquiries about the company's products, and requested an introductory call.

Discerning recipients sometimes notice discrepancies in email addresses that do not match real employee credentials. However, these fraudulent schemes are evolving rapidly; fraudsters continue to refine their tactics, mimicking journalists' writing styles, and referencing startup trends to make their offers more convincing. These methods are also known as social engineering, where victims are manipulated into providing confidential information. Source: Unit21.ai.

Equally alarming is that victims who agree to phone interviews tell TechCrunch that fraudsters use these exchanges to seek more private details. A public relations representative told Axios that someone impersonating a TechCrunch journalist raised suspicions when sharing a scheduling link.

The reason behind their actions remains uncertain, but a logical guess is that these groups are seeking initial access to a network or other sensitive information. Indeed, former Yahoo colleagues say these attempts align with an ongoing threat they had been tracking, which historically engaged in TechCrunch impersonation to facilitate account takeovers and data theft, targeting cryptocurrency, cloud, and other tech companies using various pretexts.

How to Protect Your Company from Impersonation Fraud?

If someone contacts you claiming to be from TechCrunch and you have the slightest doubt about the authenticity of their identity, do not take their word for it. Vigilance should be your first line of defense against these types of digital fraud.

Verify the official staff page: Start by checking the TechCrunch staff page. It's the quickest way to find out if the person contacting you actually works there. If the individual's name is not on the staff list, you have your answer there.

Suspect unexpected requests: If you see someone's name on the staff page, but the employee's job description does not fit the request you are receiving (for example, a TechCrunch editor suddenly very interested in your work!), it could be a fraudster trying to deceive you.

Contact the official entity directly: If the request seems legitimate but you want to be absolutely sure, do not hesitate to contact TechCrunch directly and inquire. You can find out how to reach every writer, editor, sales manager, marketing expert, and events team member in their bios.

It is frustrating to have to double-check media inquiries, but these groups rely on you not taking that extra step. By being vigilant about verification, you not only protect your company but also help maintain the trust that legitimate journalists rely on to do their work.

Consequences of Impersonation Fraud

Falling victim to impersonation fraud can lead to severe consequences, extending beyond mere information theft. This can include financial losses, data breaches, reputational damage, and even access to sensitive company networks. Source: Sanction Scanner, Source: Forbes. Staying aware of fraudsters' tactics is vital to protecting your company's digital assets.

Fake TechCrunch Domains to Watch Out For

For future reference, here is a list of some TechCrunch impersonation domains that have been created in the past few months. It is always advised to verify the email address and domain with extreme care when dealing with any communication claiming to be from TechCrunch:

• email-techcrunch[.]com
• hr-techcrunch[.]com
• interview-techcrunch[.]com
• mail-techcrunch[.]com
• media-techcrunch[.]com
• noreply-tc-techcrunch[.]com
• noreply-techcrunch[.]com
• pr-techcrunch[.]com
• techcrunch-outreach[.]com
• techcrunch-startups[.]info
• techcrunch-team[.]com
• techcrunch[.]ai
• techcrunch[.]biz[.]id
• techcrunch[.]bz
• techcrunch[.]cc
• techcrunch[.]com[.]pl
• techcrunch[.]gl
• techcrunch[.]gs
• techcrunch[.]id
• techcrunch[.]it
• techcrunch[.]la
• techcrunch[.]lt
• techcrunch[.]net[.]cn
• techcrunch1[.]com