Hello everyone,
Below is the serious threat to ISC2’s examination system.
I have come to notice some cheaters getting CISSP certificates without qualifications.
To verify this: I made a new LinkedIn account and joined some cyber security groups.
Result: I received many messages stating that they will give the exam for me and I will receive the certificate within a week, that would come at a cost of course but no preparation or headaches needed.
They also offered me a certificate first, pay afterwards deal.
This will be a big hit to the reputation of ISC2’s credibility, where the value of the expensive certificates from ISC2 will become nil.
Ask any question you might have.
Regards,
Hello,
Please visit our Ethics page: https://www.isc2.org/Ethics. There are instructions for reporting cheating and fraud. You can screen capture and submit images.
Thank you!
@Howard40391 wrote:...PearsonVUE Online, ... easy to cheat ...
(ISC)² exams are not offered through PearsonVUE Online. One must travel to a testing faciltiy to take the exam.
This blog entry discusses why this is the case.
@gidyn wrote:
The weak link ... fraudulent identification.
Along with question-bank confidentiality and access to unauthorized aids during the exam. Agree that identification/authentication is difficult. We see that in the ongoing authentication arms-race (passwords begat MFA begat biometrics and so forth) and it gets even harder when the protectee is an active participant in the deception.
In this case, my initial suspicions lie more with ordinary fraud. The scammer will probably deliver a forged certificate, collect payment and disappear long before the victim realizes that they never will show up in MemberValidation. "Receive the certificate within a week" is the clue. This is insufficient time to schedule an exam slot, much less compete the endorsement process. That said, (ISC)² does need to investigate/address this allegation. Even if authentic certifications are not involved, this causes reputational damage.
@denbesten wrote:
In this case, my initial suspicions lie more with ordinary fraud. The scammer will probably deliver a forged certificate, collect payment and disappear long before the victim realizes that they never will show up in MemberValidation. "Receive the certificate within a week" is the clue. This is insufficient time to schedule an exam slot, much less compete the endorsement process. That said, (ISC)² does need to investigate/address this allegation. Even if authentic certifications are not involved, this causes reputational damage.
In a quieter test center it's easy to get late cancellations. Perhaps more suspicious is that "Receive the certificate within a week" seems to disregard the endorsement process, or is this less than a week these days? Are victims paying for a forged PDF, with no digital badge and no access to the members' area?
@denbesten wrote:In this case, my initial suspicions lie more with ordinary fraud. The scammer will probably deliver a forged certificate, collect payment and disappear long before the victim realizes that they never will show up in MemberValidation. "Receive the certificate within a week" is the clue.
Yes, it may not be an issue of anyone "cheating" to get a certification. Much more likely a scam, and as the victims of such a scam would have to acknowledge unethical behavior in the context of a credential/industry that demands ethics, no one is going to be making a big deal.
Interestingly, I don't think any employer/client has ever checked/validated my CISSP. I'm sure some organizations execute their due diligence more thoroughly. The broader Catch-22 is, though, people don't question credentials or education unless you give them a reason to; but if they have a reason, then does it really matter whether you have those credentials?
I have personally turned in at least a dozen if not slight more through LinkedIn and Quora alone. This is common and only exasperates my tension with certs in the first place.
All we can do is to keep turning these people in and having their accounts deactivated.
- B/Eads
You can be certain I check anyone for any valid big ticket cert be it ISC2, ISACA, Azure or AWS. Its second nature to me and every so often hit a jackpot.
- B/Eads