Plagiarism isn’t new, and the proliferation of shady websites and questionable decisions from search engine giant Google has led to sinister and sometimes silly evolutions in what fraudsters can do with the theft of someone’s intellectual property.

According to Plagiarism Daily, we’re seeing a new outgrowth of plagiarism creep up on us. Gone are the days of spam sites stuffed with keywords and ungrammatical sentences. They’ve been replaced with more advanced (but still awful and questionably innovative) AI and web scraping techniques. Every day, business owners and content creators find their online IP stolen and used for the benefit of some scummy organization that, if they are lucky, can be stopped before they steal their money and reputation outright.

Unfortunately, we learned the lessons of plagiarism the hard way when we discovered that another company had lifted our content and business IP. While that’s a major nuisance for us as a company, it also implies some serious issues that could be coming to the security industry if we aren’t careful.

What Happened

On October 18th, our attorneys sent a letter to a supposed security company demanding they take down roughly 30 pages stolen directly from the Lazarus Alliance website. These imposters copied, wholesale, all our service pages and represented them as their own.

Fortunately, this operation wasn’t exactly a masterclass in fraud. We discovered them due to numerous errors, including the fact that they forgot to remove several instances of our company name, logos, and other intellectual property.

More disturbing, however, was that the company claimed A2LA ISO/IEC 17020 certification using Lazarus Alliance’s certification numbers.

In some ways, we understand why they did it. We’ve been in the compliance and security assessment industry for years, and we’ve pursued and acquired credentials for some of the world’s most prominent, rigorous, and important regulatory and cybersecurity frameworks. We’re proud of the work that we’ve done and the value we’ve provided to our clients year after year.

But plagiarism isn’t always about flattery. This type of theft will have a major impact on our industry, and not for the better.

The Security Industry Is Built on Trust

The fact that this company misrepresented our certification as their own points to a massive problem.

It’s one thing to be singled out as a professional operation because, hey, if fraudsters turn to us when stealing high-quality content to build their unearned reputation and revenue, we must be doing something right. But when it comes to certification numbers, we’re in a different territory completely.

More likely than not, clients looking for a trusted and certified assessment partner will read a website, potentially check the certification numbers or provider marketplace, and consider giving that auditor their business. But this isn’t necessarily true. The reality is that this company saw the opportunity to build their professional identity in a space where they thought we would miss them. If no one is paying attention, it’s very easy to grift unsuspecting clients, potentially over the course of years.

But what if clients don’t double-check provider information? They step into a fraudulent relationship with a substandard operation that couldn’t earn their stripes like the rest of us, trying to peel business off reputable companies, using theft to make money fast.

Meanwhile, the scammed client ends up a few thousand dollars lighter without the certification or authorization they expected to have… that is, if they aren’t also subject to data theft or backdoor attacks along the way.

What, then, happens to the industry? We start moving down a path that will ineluctably damage it:

• Loss of Trust: Businesses looking for a security partner will have to triple-guess every step of the way. This places an undue burden on clients simply looking to navigate a complicated industry and could turn them away from opportunities they may have otherwise pursued, all just to avoid dealing with an untrustworthy marketplace.
• Loss of Integrity: Cybersecurity is built on integrity–namely, the integrity of our professional certification processes. While we can scoff at the so-called “security firm” that must steal credentials to get business, the truth is that it undermines the hard work all of us put into our profession.
• Introduction of Risk: There are some safety nets regarding certification in major regulatory requirements, but not many. When it comes to optional security frameworks (ISO, PCI DSS, SOC 2), a business counts on partnering with a professional assessment organization certified to do that work. When this assessment isn’t up to standards, they’re opening that client to security issues that can threaten their operations, their reputation, and the integrity of their private information.

Remaining Vigilant Against Fraud

Our content has been scrubbed from the imposter’s website, and the offending domain has been completely removed from the Internet. However, a search of the Internet Wayback Machine shows that this theft has been ongoing as early as March 2021. That’s at least 18 months during which these hucksters paraded our certifications to the world, all so they could dupe unsuspecting businesses into spending company money on questionable assessments.

It’s our hope that this company hasn’t been out scamming clients due to our stolen content. We hope that we were quick enough in our response to stop future scams from occurring.

But this event serves as a warning for all of us. Every one of us must stay vigilant, conduct our due diligence, and promote new standards in certified marketplaces so that we can continue to guarantee the trustworthiness and integrity of our profession.

To work with a reputable security company that can help you with SOC, ISO, NIST, PCI DSS, GDPR, and other regulations and frameworks, trust the original Lazarus Alliance.

Call Lazarus Alliance at 1-888-896-7580 or fill in this form.