Investigating Relay Scams: What’s New in Your Spam?

Whenever Rishsec spots a new Bugcrowd Relay email quietly sitting in her spam folder, her instinct is immediate — “Let’s investigate.”

Blue cap on, Threat Intelligence mode: switched on.

Welcome to my blog — back after a short break. Today, we’re taking a closer look at the latest updates in Bugcrowd Relay scams. In case you missed it, I’ve linked the previous blog where we discussed the reasons behind these emails and broke down their methodology.

This time, we’re going a step further — comparing the newly evolved themes and analyzing which ones are psychologically more likely to succeed. It’s a fascinating shift, and it says a lot about how tactics evolve over time.

Without further delay, let’s dive right in.

Different themes:

To summarize, we saw three different themes, one proposing a quote for purchase, one being about a lawsuit suggesting out of court mediation, targeting Brazilian Federal Revenue, and jackpots. I believe there are more themes, but I’ll probably keep it for blog #3.

Theme 1: Quote and Invoices

Every email follows a subject with a particular email address that is relayed via this bug bounty platform, and addresses my email, followed by the…