It's pretty hard to tell, but there are things you can do to protect yourself. Looking into the team beforehand is a good idea, if any reputable names are in there it's safe to assume they're legit. Read through their whitepaper, if it's decently thought out and proofread, that's also usually a good sign. Not to say a good whitepaper is the only standard, there are definitely some bounties I've done where the whitepaper was atrocious and they paid out. It's probably in your best interests to not worry about who is trying to scam you and just do what you can with bounties. You will lose more time trying to discover scams than if you just did the bounty itself. Aside from signatures of course, they usually pay out the most and a scam one could cost you a decent amount.