bugs in your site

The email below has been confirmed as malicious or fraudulent by the Information Security department. If you have received this phishing email, do not open any attachments or follow the link(s) in the message; simply delete the email.

This is a new type of phish in which the sender offers their services to help identify some vulnerabilities. They are hoping you will pay them for the information they give you. Failing that, they are counting on you fearing that they will exploit the vulnerabilities if you don’t pay.

Legitimate bug bounty programs do exist, and ethical hackers use them. However, bad actors (unethical hackers) take advantage of that to get information and possibly funds. One red flag is that they don’t mention the site. An ethical hacker would tell you on which site they found the vulnerabilities.

If you manage or own a website and you receive an email like this, do not respond to it. If you are concerned you might really have a vulnerability, you can ask to have a vulnerability scan run against your website. You can request a scan using this service in My Service Center (there is no charge for the scan).

https://uthscsa.teamdynamix.com/TDClient/2009/Portal/Requests/ServiceDet?ID=30880

Screenshot of email

 
