cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Shailendraosk
Newcomer I

Cheating in CISSP exams

Hello everyone,

 

Below is the serious threat to ISC2’s examination system.

 

I have come to notice some cheaters getting CISSP certificates without qualifications.


To verify this: I made a new LinkedIn account and joined some cyber security groups.

 

Result: I received many messages stating that they will give the exam for me and I will receive the certificate within a week, that would come at a cost of course but no preparation or headaches needed.

 

They also offered me a certificate first, pay afterwards deal.

 

This will be a big hit to the reputation of ISC2’s credibility, where the value of the expensive certificates from ISC2 will become nil.

 

Ask any question you might have.


Regards,

19 Replies
AndreaMoore
Community Manager

Hello, 

 

Please visit our Ethics page: https://www.isc2.org/Ethics. There are instructions for reporting cheating and fraud. You can screen capture and submit images. 

 

Thank you!




ISC2 Community Manager
gidyn
Contributor III

The weak link is determining that the person who takes the test is the same one who registered. Proctors are not highly trained in identifying fraudulent identification, even if we will assume that there is no bribery involved (there are many countries where bribery is the normal way of doing business).
denbesten
Community Champion


@Howard40391 wrote:

...PearsonVUE Online, ... easy to cheat ...


(ISC)² exams are not offered through PearsonVUE Online. One must travel to a testing faciltiy to take the exam.  

 

This blog entry discusses why this is the case.

 

 

denbesten
Community Champion


@gidyn wrote:
The weak link ... fraudulent identification.

Along with question-bank confidentiality and access to unauthorized aids during the exam. Agree that identification/authentication is difficult.  We see that in the ongoing authentication arms-race (passwords begat MFA begat biometrics and so forth) and it gets even harder when the protectee is an active participant in the deception.

 

 

In this case, my initial suspicions lie more with ordinary fraud. The scammer will probably deliver a forged certificate, collect payment and disappear long before the victim realizes that they never will show up in MemberValidation.  "Receive the certificate within a week" is the clue. This is insufficient time to schedule an exam slot, much less compete the endorsement process.  That said, (ISC)² does need to investigate/address this allegation.  Even if authentic certifications are not involved, this causes reputational damage.

 

gidyn
Contributor III


@denbesten wrote:

 

In this case, my initial suspicions lie more with ordinary fraud. The scammer will probably deliver a forged certificate, collect payment and disappear long before the victim realizes that they never will show up in MemberValidation.  "Receive the certificate within a week" is the clue. This is insufficient time to schedule an exam slot, much less compete the endorsement process.  That said, (ISC)² does need to investigate/address this allegation.  Even if authentic certifications are not involved, this causes reputational damage.


In a quieter test center it's easy to get late cancellations. Perhaps more suspicious is that "Receive the certificate within a week" seems to disregard the endorsement process, or is this less than a week these days? Are victims paying for a forged PDF, with no digital badge and no access to the members' area?

JoePete
Advocate I


@denbesten wrote:

In this case, my initial suspicions lie more with ordinary fraud. The scammer will probably deliver a forged certificate, collect payment and disappear long before the victim realizes that they never will show up in MemberValidation.  "Receive the certificate within a week" is the clue.


Yes, it may not be an issue of anyone "cheating" to get a certification. Much more likely a scam, and as the victims of such a scam would have to acknowledge unethical behavior in the context of a credential/industry that demands ethics, no one is going to be making a big deal.

 

Interestingly, I don't think any employer/client has ever checked/validated my CISSP. I'm sure some organizations execute their due diligence more thoroughly. The broader Catch-22 is, though, people don't question credentials or education unless you give them a reason to; but if they have a reason, then does it really matter whether you have those credentials?

nkeaton
Newcomer III

Those are scams. The people who pretend to be CISSPs lack ethics. So I wouldn’t call it cheating as the exam database is not compromised in any way. It is very easy to verify actual CISSPs with (ISC)2. I am sure that (ISC)2 has their hands full dealing with these scammers and those with no ethics that would pass themselves off as CISSPs.
Beads
Advocate I

I have personally turned in at least a dozen if not slight more through LinkedIn and Quora alone. This is common and only exasperates my tension with certs in the first place.

 

All we can do is to keep turning these people in and having their accounts deactivated.

 

- B/Eads

Beads
Advocate I

You can be certain I check anyone for any valid big ticket cert be it ISC2, ISACA, Azure or AWS. Its second nature to me and every so often hit a jackpot.

 

- B/Eads