Definitely. Not showing an immediate threat, such as a copy of the CVE database or a request for money, can be assumed to be the typical approach of a long con rather than a sign of goodwill.