Welcome to the SecAware blog

I spy with my beady eye ...

20 Mar 2007

Fraudulent CISA exam registration web sites

The websites www.cisaca.org and www.cisaca.com which claim to be authorized by ISACA to register candidates for the CISA exam and sell ISACA authored study material, are fraudulent according to ISACA.

Neither these web sites nor their owners are affiliated in any way with or endorsed by ISACA, nor have they been authorized as registrars for the CISA exam or as distributors of any CISA study materials.

Registration for the CISA exam or study aid purchase made through www.cisaca.org or www.cisaca.com, is NOT valid. ISACA is not responsible for any refund of registration fees or study materials purchased through these sites. The only legitimate online exam registration and study aid purchase web site is www.isaca.org.

Anyone that has been deceived by these web sites is asked to contact ISACA International Headquarters' certification department (certification@isaca.org) and provide the following information: their name, email address, to whom the payment was made, the amount paid, the exam registered for, and the web site accessed to register for the exam. ISACA highly encourages you to contact the ISACA certification department regarding registration for future CISA (or indeed CISM) exams.

This looks like a classic "domain lookalike" fraud or phishing incident, unusual only in that it involves an IT audit organization. The fraudsters are evidently looking for new/softer targets having milked the naive customers of most financial institutions for all they are worth. I guess trademark infringement may be enough for ISACA to get the copycat sites shut down ... eventually ...

More identity theft resources

No comments:

Post a Comment