Scammers Impersonate TechCrunch Reporters to Target Companies

TechCrunch is warning companies about a growing scam: fraudsters impersonating its reporters and event leads to extract sensitive business information. These bad actors adopt real staff names, craft plausible media inquiries, and sometimes follow up with phone interviews to dig for proprietary details.

How the scheme works

Scammers typically impersonate actual TechCrunch staff, sending what looks like a standard media pitch and requesting an introductory call. They refine their messages—mimicking writing style and industry references—to appear authentic. When targets agree to a call, the impostors often probe for network access, product roadmaps, or other proprietary information.

Red flags to watch for

• Sender email that doesn’t match the outlet’s official domain or has subtle typos
• Requests for proprietary details, internal documents, or network access during an initial interview
• Inconsistencies between the claimed role of the contact and the question they’re asking

Practical verification steps

1. Check the outlet’s staff page first. If the name isn’t listed, treat the request as suspicious.
2. Confirm the request via a known internal contact or the outlet’s official channels before sharing anything.
3. Inspect email headers and sender domains, and require written confirmation on an official corporate address for sensitive follow-ups.
4. Don’t provide proprietary information on unsolicited calls. Route media requests through your PR or legal team.

If you’re unsure, contact the publication directly using contact info from their site. TechCrunch has asked recipients to verify via its staff page or contact the newsroom when in doubt.

Why this matters beyond one outlet

Impersonation attacks exploit trust in established brands to gain initial access or reconnaissance. For startups and enterprises alike, a single misdirected conversation can expose product roadmaps, partnerships, or network credentials—information attackers can use in later phases of compromise.

Steps organizations should take now

Start with simple controls: adopt an internal verification workflow for media requests, train staff to spot impersonation tactics, and add brand-monitoring to detect fake accounts and spoofed emails. For higher-risk teams—R&D, sales, and executive offices—use simulated social-engineering exercises and clear escalation paths so suspicious contacts are vetted before any sensitive information is shared.

QuarkyByte’s approach combines pattern analysis with pragmatic defenses: we help organizations map likely impersonation vectors, build repeatable verification playbooks, and run realistic simulations so teams learn to pause and verify. That reduces the chance an opportunistic fraudster turns a routine media request into an initial access event.

TechCrunch’s message is simple: don’t take media requests at face value. A quick check of an outlet’s staff page or a direct confirmation through official channels can stop a scam before it starts—and help protect your company’s data and reputation.