E-mails about "Vulnerabilities in your site" from Elvin Isaac

19 May 2022

This page early draft and could have significant changes.

Recently I received an e-mail with the subject "Vulnerabilities in your site" from Elvin Isaac. Website owners periodically receive junk e-mails that end up in the trash instantly, but when it comes to website vulnerabilities, is not something that should be easily dismissed, so I did some digging to see if it's a real deal or a scam. I thought it would be wise to share my thoughts so others don't fall for it.

The first flag that this might be a scam was that the e-mail was automatically flagged as spam, meaning multiple people got something similar.

Furthermore, when investigating if this is a legitimate claim, if others received something like this, if Elvin Isaac is a real person, I decided to Google search, nothing came up. But then I noticed that Google showed as suggested related searches the following : "elvin isaac hacker", "elvin isaac bug bounty", "elvin isaac security", so it's pretty clear a bunch of people searched about Elvin Isaac recently.

Below is the e-mail I got:

From: Elvin Isaac <elvin.isaac009 @ ...>
Subject: Vulnerabilities in your site

Hi team,

Hope that you're doing all good and healthy.I would like to draw your
attention to some of the vulnerabilities in your site which i would like to
Kindly provide me the email of relevant team or person and let me know if
there is any bug bounty program or reward regarding this disclosure of
vulnerabilities as this work requires both cost and time


One thing is for sure, Elvin Isaac is not a good Samaritan. He is also not a legitimate website visitor, stumbling on some critical website vulnerability and offering to help you out.

At the very best, Elvin Isaac is one of those people operating bots that scan websites for vulnerabilities, as such scans happen daily, that may or may not discovered anything. But based on information I gathered, some that I didn't make public, I believe this isn't even the case and that the person behind Elvin Isaac is just a scammer.

This kind of "offers" are not something new, you can read more here and here.

Donation notice
Was this helpful? Please consider supporting us by making a donation.


  1. BossUK16 Dec 2022 @ 15:44

    Thanks for posting this, I can confirm we have just received the exact same message.


  2. Bas17 Jan 2023 @ 13:07

    Thanks, I received the exact same message (exact!) but from David Marvi.


  3. Anonymous30 Jan 2023 @ 11:06

    Thanks for posting this, I can confirm we have just received the exact same message.


  4. J B20 Feb 2023 @ 18:12

    This was helpful, thanks for posting


  5. Wladimir Palant09 Aug 2023 @ 17:30

    Wow, this Elvin Isaac sure is persistent. Just got the same email from him, almost identical text. That’s 15 months after your post.


  6. soulchild04 Sep 2023 @ 19:34

    I have managed to bait him into disclosing, by mentioning "no proof no talk no payout"

    The "vulnerabilities" are just bogus "clickjacking" and "DMARC spoofing", which have 0 impact on how a website operate.

    I have attached screenshots on my tweet here :https://twitter.com/soulchildpls/status/1698735890351431712



Leave a new commentReply to comment

Comment received.
Your comment may be held for moderation. If it does not show up immediately, please be patient. Comments have to comply with these rules:
  • English language only
  • Don't post insults or threats
  • Try to keep the discussion constructive and informative
  • Don't post questions without doing a search beforehand

We've noticed that you're using an AdBlocker

It's not just you, over 66% of our site's visitors are blocking the ads.

Please disable adblock for this website and refresh this page if you:
find the content useful
want us to create more useful content and software
want tech support through the comment section

The ads are placed so that there is minimal interference with page reading. There are no pop-up, pop-under or sticky ads.

Alternatively, you can support us by making a donation.