Bogus Bug Reports as Phishbait, Scams

Some bug bounty seekers are using extortionist or fear-mongering tactics in an effort to get paid for reporting trivial flaws, according to Chester Wisniewski at Sophos. He calls them “beg bounty” attempts. Wisniewski explains that, “‘Beg bounty’ queries run the gamut from honest, ethical disclosures that share all the needed information and hint that it might be nice if you were to send them a reward, to borderline extortion demanding payment without even providing enough information to determine the validity of the demand.”
Read More

Please follow and like us:
MENU