www.infosecurity-magazine.com
18.155.129.60  Public Scan

URL: https://www.infosecurity-magazine.com/news/experts-warn-of-beg-bounty/
Submission: On June 25 via manual from US — Scanned from DE

Text Content


EXPERTS WARN OF “BEG BOUNTY” EXTORTION ATTEMPTS

News 9 Feb 2021


WRITTEN BY


PHIL MUNCASTER

UK / EMEA News Reporter, Infosecurity Magazine

Sophos has warned businesses to be on the lookout for unsolicited and often
generic emails attempting to extract a bug bounty from them with borderline
extortion tactics.

So-called “beg bounty” messages typically involve automated scanning for basic
misconfigurations or vulnerabilities, followed by a cut-and-paste of the results
into a pre-defined email template, explained Sophos principal research
scientist, Chester Wisniewski.

Small businesses are typical targets: even though they do not have a bug bounty
program, and perhaps because of this fact, the senders often believe they may be
more inclined to pay.

“Beg bounty queries run the gamut from honest, ethical disclosures that share
all the needed information and hint that it might be nice if you were to send
them a reward, to borderline extortion demanding payment without even providing
enough information to determine the validity of the demand,” said Wisniewski.

“Knowing these businesses did not have a bug bounty program and in fact probably
didn’t even know what code ran their website, it seemed odd for a legitimate
researcher to be wasting their time on the smallest fish in the pond.”

The Sophos scientist was able to gather and analyze a few sample beg bounty
incidents, which featured varying degrees of professionalism. Some leant more
towards extortion and one contained factually inaccurate information, referring
to an organization’s lack of DMARC as a “vulnerability in your website.”

Wisniewski warned of reports claiming that engaging with the bounty hunter could
lead to a slew of further bug reports and demands for more payment.

He urged small business owners to take the emails and the issues they raise
seriously, but to not engage with the sender, and instead seek out a reputable
security provider.

“Most of the bugs that were found were not even bugs. They were simply internet
scans that discovered the lack of an SPF or DMARC record. Others were genuine
vulnerabilities that could be easily found without skill by using freely
available tools,” he concluded.

“None of the vulnerabilities I investigated were worthy of a payment. The
problem is that there are millions of poorly secured sites owned by small
businesses that don’t know any better and are intimidated into paying for
services out of fear.”




 * Copyright © 2023 Reed Exhibitions Ltd.