PR pros face new wave of phishing attacks from fake journalists
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Aïda Amer/Axios
Public relations professionals and their clients are the latest targets for online phishing attempts, with bad actors pretending to be members of the media.
Why it matters: Eager PR reps, company executives and brand ambassadors are highly susceptible to these sort of scams. Plus, AI has made phishing increasingly sophisticated in recent months.
Driving the news: TechCrunch recently acknowledged fake accounts were impersonating its staff members and direct messaging executives on social media, asking to set up interviews.
- "Good morning, Maria representing TechCrunch here," one X direct message shared with Axios read.
- "We're launching a new podcast series exploring AI's transformative impact across industries. Given your expertise, your insights would offer invaluable perspectives on the evolving AI landscape. We'd love to feature your voice in this conversation. If you're interested, let me know so that I can discuss further specifics. I can be reached here via Twitter/X messages or via [email protected] Thanks so much! - Maria, Emerging Tech Writer, TechCrunch."
Reality check: On its face, this seems like a valid press inquiry, but sometimes direct outreach like this is too good to be true.
- After being told a PR rep would be in touch, "Maria" instead shared a link to schedule time to connect. This set off alarm bells for the client and PR team.
What they're saying: That is why having PR support and a vetting protocol in place is so important, said Tania Zaparaniuk, founder of Poppy Strategies.
- "It's challenging right now to secure press [coverage], and so imagine how exciting that kind of inbound might feel," she said. "The instinct might be to quickly click and engage to secure the story, especially knowing how fast the media moves."
- "And those who don't have comms support, which I understand is a reality, are much more vulnerable to these attacks."
By the numbers: Phishing attempts have been on the rise, up about 17% since September of last year, according to a report by cybersecurity company KnowBe4.
- 83% of phishing emails used AI, up 53% year over year, per the same report.
- Meanwhile, 8 out of 10 organizations have had at least one person fall victim to a phishing attempt, according to a report by the Cybersecurity and Infrastructure Security Agency.
Zoom in: What makes media inquiries even more ripe for scammers is the fact that reporters' preferred channels of communication vary.
- When corporations or government entities are impersonated by bad actors, they can typically respond with clear guidance for how and when to expect official communications to be delivered, Zack Condry, managing partner at Watermark Strategies, pointed out.
Yes, but: With reporters and new media influencers, there are no clear guidelines, which means comms teams have to be extra diligent.
- Founders and early-stage startups should be particularly on guard, Zaparaniuk said.
- She added these bad actors appear to be "targeting people who might be predisposed to moving at a fast pace. And in the era of 'go direct,' where founders are encouraged to manage their own PR outreach, these [phishing attempts] can exploit this dynamic."
What to watch: Hackers are abusing AI tools to create more sophisticated phishing sites.
- Due to the rise in AI slop and growing sense of distrust, "there is going to come a time, and it might be sooner rather than later, where personal interaction and personal connection is going to be the coin of the realm," Condry said.
💭 Thought bubble from Axios cybersecurity reporter Sam Sabin: "Phishing emails can be a gateway to several types of cybercrime, from run-of-the-mill gift card scams to more serious malware downloads.
- "If something feels suspicious, practice polite paranoia and try reaching out to the reporter through a different channel, like social media, or start a new email thread."
More on Axios:
