Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Miro
Viewer
‎08-26-2024 11:36 AM
‎08-26-2024 11:36 AM

Is this email a spam or wrong security practice?

Got officially looking email from isc2.org. And yes, my annual fee is due soon

 

Miro_0-1724686236023.png

All the links in that email, even the ones saying ISC2 have a "foreign" domain linked to it - "https://cl.s12.exct.net/?qs=9794952c7..."

I just checked the certificate and it's issued to SalesForce

Miro_2-1724686438609.png

As I did not click on any of links, this is either a really well disguised phishing email, or a blatantly wrong practice by ISC^2 and goes against some of key anti-phishing tenants we try to teach others to apply

Reply
7 Replies
Roels
Newcomer I
‎01-30-2025 01:18 PM
‎01-30-2025 01:18 PM

Exactly my thoughts also when receiving a similar e-mail today.. interesting also that there's no response at all from ICS2 in this member-support thread?

 

cheers,

Roel.

Reply
InfoSecAddicted
Viewer
‎08-19-2025 09:13 AM
‎08-19-2025 09:13 AM

Dear ISC2 Team,
 
Today I received an email which raised significant security concerns. The included link: https://cl.s12.exct.net/?qs=545...
 
  1. Was blocked by my local malware detection system
  2. Was blocked by my DNS-based anti-malware and spam filter
  3. Returned multiple suspicious results during a manual domain check
Given ISC2’s role as a leading security organization and the membership fees you collect, it is reasonable to expect that your communication infrastructure adheres to strong security practices. Specifically:
  1. Emails should clearly originate from an @isc2.org sender domain.
  2. Embedded links should be fully transparent, without tracking components, and should clearly resolve to a .isc2.org domain.
If your current email or application provider cannot meet these requirements, I strongly encourage you to reassess the service.
 
As a security community, we must lead by example and ensure that our communications reflect the standards we promote.
 
Best regards.
Reply
Roels
Newcomer I
‎08-20-2025 09:17 AM
‎08-20-2025 09:17 AM

A year has passed and still the same practice is used also without any response back from ISC2..

 

Reply
mariatirado
Community Manager
Community Manager
‎08-22-2025 09:18 AM
‎08-22-2025 09:18 AM

Hi @Roels - our CX team is currently reviewing your case, and you should be hearing back from them today. Thank you for your patience. 

Reply
0 Kudos
Roels
Newcomer I
‎08-28-2025 06:33 AM
‎08-28-2025 06:33 AM

Hi @mariatirado ,

 

I haven't heard anything back (surprise?).

 

Can someone from ISC2 please at least confirm they understand the issue as well described by @InfoSecAddicted in this thread and propose solutions how it will be solved?

 

thanks

Roels.

Reply
mariatirado
Community Manager
Community Manager
‎08-28-2025 01:28 PM
‎08-28-2025 01:28 PM

Hi @Roels, thanks for following up and for raising your concerns. Our Customer Experience team has reached out to @InfoSecAddicted directly and is actively working to resolve the issue. We appreciate your engagement as we work through this together!

Reply
0 Kudos
Mrankdnkm
Viewer II
3 weeks ago
3 weeks ago

I am also receiving emails from this domain.
Is this a real isc domain or not?
Very simple question !!!
Reply
0 Kudos