Open Bug Bounty urges the public to ignore the sender's request and report the instance to domain registrar/hosting for takedown. It also emphasized that all their emails are digitally signed and are sent exclusively from openbugbounty[.]org.

While there have been no reports of this particular phishing email at Brown, those who are recipients of notifications from Open Bug Bounty should be aware of this. If receiving a suspicious email, confirm the researcher's name on their site.