9/10/2002 -- If you get an e-mail from ISC(2), it may not be what it seems.

The security organization, known for its high-level CISSP certification, recently posted information on its Web site about an ongoing struggle to stop what it says is a disgruntled candidate from sending fake ISC(2) e-mails to program participants.

"ISC(2) is the target of an ongoing malicious hoax e-mail campaign from one individual," the company states. "It appears that an Australian candidates for our professional certification failed the exam and has resorted to using highly unethical tactics to sully our good name because of his failure."

According to the organization, the most recent fake e-mail sent by the forger was a "hate-filled diatribe against Jewish people." The organization is working with the Anti-Defamation league to publicize the false nature of the e-mail (see http://www.adl.org/rumors/isc2.asp).

Earlier this summer, the unknown culprit sent candidates a fake ISC(2) e-mail telling candidates that their contact information had been sold to third-party marketers, and that the organization would consider removing the candidate's personal information for a $10 fee.

ISC(2) pointed out that inspection of the e-mails' headers reveal that they do not come from ISC(2). The organization is also now using PGP signatures to help identify official correspondence.

ISC(2) did not mention how the offender obtained the e-mail addresses of the program's participants.

More information about the hoax and how to identify legitimate ISC(2) e-mails can be found here. - B.N.