Better known as Beg Bounties. https://www.troyhunt.com/beg-bounties/
It's a thing. On Thu, 3 Mar 2022 at 09:32, Brie <br...@2mbit.com> wrote: > > I just got this in my e-mail... > > ------ > From: xxxxxxx <xxxxxxxx...@iqra.edu.pk> > Date: Thu, 3 Mar 2022 03:14:03 +0500 > Message-ID: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxx...@mail.gmail.com> > Subject: Found Security Vulnerability > To: undisclosed-recipients:; > Bcc: sxxxxxx...@ahbl.org > > Hi Team > > I am a web app security hunter. I spent some time on your website and found > some vulnerabilities. I see on your website you take security very > passionately. > > Tell me will you give me rewards for my finding and responsible > disclosure? if Yes, So tell me where I send those vulnerability reports? > share email address. > > Thank you > > Good day, I truly hope it treats you awesomely on your side of the screen :) > > xxxxx Security > ------ > > > Is soliciting for money/rewards when the site makes no indication they > offer them a common thing now? > > If you want to see a copy of the original message, let me know off list > and I'll send it to you. > > > -- > Brielle Bruns > The Summit Open Source Development Group > http://www.sosdg.org / http://www.ahbl.org