topic Re: Cheating in CISSP exams in Threats

Cheating in CISSP exams

Shailendraosk — Mon, 09 Oct 2023 10:17:54 GMT

Hello everyone,

Below is the serious threat to ISC2’s examination system.

I have come to notice some cheaters getting CISSP certificates without qualifications.

To verify this: I made a new LinkedIn account and joined some cyber security groups.

Result: I received many messages stating that they will give the exam for me and I will receive the certificate within a week, that would come at a cost of course but no preparation or headaches needed.

They also offered me a certificate first, pay afterwards deal.

This will be a big hit to the reputation of ISC2’s credibility, where the value of the expensive certificates from ISC2 will become nil.

Ask any question you might have.

Regards,

Re: Cheating in CISSP exams

AndreaMoore — Thu, 01 Sep 2022 12:26:44 GMT

Hello,

Please visit our Ethics page: https://www.isc2.org/Ethics. There are instructions for reporting cheating and fraud. You can screen capture and submit images.

Thank you!

Re: Cheating in CISSP exams

gidyn — Thu, 01 Sep 2022 13:00:19 GMT

The weak link is determining that the person who takes the test is the same one who registered. Proctors are not highly trained in identifying fraudulent identification, even if we will assume that there is no bribery involved (there are many countries where bribery is the normal way of doing business).

Re: Cheating in CISSP exams

denbesten — Thu, 01 Sep 2022 13:44:14 GMT

@Howard40391 wrote:
...PearsonVUE Online, ... easy to cheat ...

(ISC)² exams are not offered through PearsonVUE Online. One must travel to a testing faciltiy to take the exam.

This blog entry discusses why this is the case.

Re: Cheating in CISSP exams

denbesten — Thu, 01 Sep 2022 15:00:52 GMT

@gidyn wrote:
The weak link ... fraudulent identification.

Along with question-bank confidentiality and access to unauthorized aids during the exam. Agree that identification/authentication is difficult. We see that in the ongoing authentication arms-race (passwords begat MFA begat biometrics and so forth) and it gets even harder when the protectee is an active participant in the deception.

In this case, my initial suspicions lie more with ordinary fraud. The scammer will probably deliver a forged certificate, collect payment and disappear long before the victim realizes that they never will show up in MemberValidation. "Receive the certificate within a week" is the clue. This is insufficient time to schedule an exam slot, much less compete the endorsement process. That said, (ISC)² does need to investigate/address this allegation. Even if authentic certifications are not involved, this causes reputational damage.

Re: Cheating in CISSP exams

gidyn — Thu, 01 Sep 2022 17:21:46 GMT

@denbesten wrote:

In this case, my initial suspicions lie more with ordinary fraud. The scammer will probably deliver a forged certificate, collect payment and disappear long before the victim realizes that they never will show up in MemberValidation. "Receive the certificate within a week" is the clue. This is insufficient time to schedule an exam slot, much less compete the endorsement process. That said, (ISC)² does need to investigate/address this allegation. Even if authentic certifications are not involved, this causes reputational damage.

In a quieter test center it's easy to get late cancellations. Perhaps more suspicious is that "Receive the certificate within a week" seems to disregard the endorsement process, or is this less than a week these days? Are victims paying for a forged PDF, with no digital badge and no access to the members' area?

Re: Cheating in CISSP exams

JoePete — Fri, 02 Sep 2022 15:44:05 GMT

@denbesten wrote:
In this case, my initial suspicions lie more with ordinary fraud. The scammer will probably deliver a forged certificate, collect payment and disappear long before the victim realizes that they never will show up in MemberValidation. "Receive the certificate within a week" is the clue.

Yes, it may not be an issue of anyone "cheating" to get a certification. Much more likely a scam, and as the victims of such a scam would have to acknowledge unethical behavior in the context of a credential/industry that demands ethics, no one is going to be making a big deal.

Interestingly, I don't think any employer/client has ever checked/validated my CISSP. I'm sure some organizations execute their due diligence more thoroughly. The broader Catch-22 is, though, people don't question credentials or education unless you give them a reason to; but if they have a reason, then does it really matter whether you have those credentials?

Re: Cheating in CISSP exams

nkeaton — Sun, 04 Sep 2022 01:23:07 GMT

Those are scams. The people who pretend to be CISSPs lack ethics. So I wouldn’t call it cheating as the exam database is not compromised in any way. It is very easy to verify actual CISSPs with (ISC)2. I am sure that (ISC)2 has their hands full dealing with these scammers and those with no ethics that would pass themselves off as CISSPs.

Re: Cheating in CISSP exams

Beads — Sun, 04 Sep 2022 03:10:00 GMT

I have personally turned in at least a dozen if not slight more through LinkedIn and Quora alone. This is common and only exasperates my tension with certs in the first place.

All we can do is to keep turning these people in and having their accounts deactivated.

- B/Eads

Re: Cheating in CISSP exams

Beads — Sun, 04 Sep 2022 03:21:28 GMT

You can be certain I check anyone for any valid big ticket cert be it ISC2, ISACA, Azure or AWS. Its second nature to me and every so often hit a jackpot.

- B/Eads

Re: Cheating in CISSP exams

Shailendraosk — Wed, 07 Sep 2022 10:44:40 GMT

Yes. That’s what is happening, people registering for the exams and giving the exams are different. It is the case where I give money to some other people to register me and give exams in my place to bypass ISC2 security mechanisms.

Re: Cheating in CISSP exams

Shailendraosk — Wed, 07 Sep 2022 10:46:47 GMT

Yeah and it causes headaches receiving so much of fraudulent messages and all that Illegal stuff, they offer causes tension.

Re: Cheating in CISSP exams

Shailendraosk — Wed, 07 Sep 2022 10:51:24 GMT

I don’t think many people are that unaware about these things. Especially with all the digital batches and stuff that can’t be forged and shows up in the ISC profile.
And they say they will give the exam in my place first and I can transfer the money after verifying the certificates And credentials.

Re: Cheating in CISSP exams

Shailendraosk — Wed, 07 Sep 2022 10:53:27 GMT

How did you do that? Thorough account suspension or reporting them to cyber police.

Re: Cheating in CISSP exams

Shailendraosk — Wed, 07 Sep 2022 11:21:43 GMT

Hello Ma’am,

I don’t know if this kind of thing comes under the ethics section but I have updated my post with conversation screenshots that might contain an instructor’s name or his broker’s.

Please do check. Thank you for your bearing and patience with my problem.

Regards,
Shailendra

Re: Cheating in CISSP exams

denbesten — Wed, 07 Sep 2022 21:27:55 GMT

A few things:

It is unethical to publicly disclose somebody else's PII (Personal Identifiable Information) without their consent. This is true regardless of if you believe the person is a bad actor. Please edit your screenshots to blur the phone number and last name of the person with whom you are communicating.
Please use the "quote" button to include just a bit of context when you are replying to a specific post. Many of us sort by "newest first", so context is not immediately obvious.
@AndreaMoore is absolutely correct that this is an "ethics" issue, although the link she included does not make it very obvious how to report. Buried at the top of the page is another link, Report Exam and Test Center Fraud. Please use this to submit a formal complaint for investigation.

Re: Cheating in CISSP exams

Shailendraosk — Sat, 10 Sep 2022 09:49:36 GMT

What I’m doing is reporting the unethical person’s identifiable information, I have highlighted it in red.
I thought I might not just hide these kind of things and somebody might help me in the process because the evidence is just right up there.
You can report it too.
I don’t know what you are talking about. Something’s are to be talked openly. I can’t see your username @denbesten, you too might be in league of those people.

You might as well ask me to delete my post champion, and I might do so.

Re: Cheating in CISSP exams

denbesten — Sun, 11 Sep 2022 06:09:57 GMT

@Shailendraosk wrote:

You might as well ask me to delete my post champion, and I might do so.

I am not going to ask that you delete the post. There is value in us security professionals seeing, discussing and learning from an adversary's tools and techniques. However, including their PII does not further that discussion. You might also consider that without blurring you effectively are advertising for the adversary.

(ISC)² has official channels to report this behavior and ensure it gets to the proper people. It is best that they receive original unaltered evidence directly from the witness. Although I could forward ("hearsay") the one piece you posted, it is much better that you submit a formal report for each of the "many" you mentioned.

Re: Cheating in CISSP exams

Shailendraosk — Sun, 11 Sep 2022 05:26:47 GMT

@denbesten, you are really a champion at modifying and repeating a person’s words. I have seen it in all the posts you posted.

The way you behave is more like a troll.

Good luck! With the trolling.

Re: Cheating in CISSP exams

AndreaMoore — Mon, 12 Sep 2022 16:39:56 GMT

Hello all,

Thank you for being diligent and reporting unethical situations. However, posting here or other social media sites is not following proper procedures. Please only report using the ethics link I posted earlier.

I'll turn off commenting as this seems to be getting contentious. Please remember to be polite and professional in all communication on this site.

Thank you.