eLearnSecurity/Caendra

As I sit here wondering my next chess move I do some reading. Then I find myself looking at Reddit, a few other sites and this particular site.

Then for one reason or another I decide to take a deeper dive into eLearnSecurity. The first place I look is job boards. I definitely struck out. I stuck ejpt into indeed and get 0 hits. I stick eccpt into indeed and get four hits, although half of those hits are from the actual company eLearn Security. So I guess technically it should count only as two hits. No surprises here. Although people promote the site for whatever reason, the actual experience is beneficial (for some), that is really about it.

So, I say let me just purchase this training. It is only 400 bucks. I have spent way more than that on certification training.

So I bought the Penetration Testing Elite Version. It gave you the typical hey do you want to add more stuff in your shopping cart page. I clicked no. I was hesitant in adding this course to my shopping cart let alone anything else.

Long story short I get an email for verification purposes. Here take a look:

Dear Girlygirl,
We are thrilled to have you on board.
However we need further checks before we can open your account.
Kindly provide us with the following documents:
  • a scan of your government ID with photograph (passport or driver license);
  • a scan of your credit card. You can hide the first 12 digits.
You can upload your documents here:
www.jklajdflkajfkldf.com
Your name and photo should be readable and supported formats are PDF, JPEG, ZIP, RAR, and TAR.GZ.
***Please do so within 5 days to avoid order and payment rejection*** Oh no let me hurry up and get right on it...


So, you want not just a copy of my identification but ALSO a copy of my edited credit card... For a 400 dollar non-recognized course. I think not. I will not. I can not. I have never in my life had to show TWO forms of identification for such little return. That is my gripe for tonight. I will gladly take my $399 back and won't lose any sleep.

That is my complaint for today.

Comments

  • cyberguypr Senior Member Mod Posts: 6,926 Mod
    Good for you. I file this under the "F-no" category. Edited or not, I would never provide that information to anyone for a simple course.
  • EANx Member Posts: 1,078 ■■■■■■■■□□
    Something's not right, I'd do the following:
    - Report it to them directly. Try pinging them at [email protected]
    - Sign up for the bare-bones junior pen testing course (PTSv3? I'm assuming that's the one you bought). There's a code floating around through their twitter account to get it for free (see Aug 29 in their Twitter feed). Once you do so, they give you $100 off on each of the full and elite to upgrade so full is $200, elite is $300.
  • UnixGuy Are we having fun yet? Mod Posts: 4,331 Mod
    I don't remember being asked to provide this kind of information! They have a chat support, and they are quick to respond.
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • cyberguypr Senior Member Mod Posts: 6,926 Mod
    BTW, Offensive Security also pulls similar crap if you have a free mail address:
    If you do not have a non free e-mail address, we are legally obligated to obtain a scanned copy of your valid government issued ID in color, such as a driver’s license or passport. For IDs in the form of a card, please include a scan of both the front and back of the card.

    We need to be able to see your photo, full name, address (if applicable), year of birth and the expiration date of the ID. You may blur the ID number. Expired IDs are not accepted.

    I'm not doubting there's some legal requirement (ITAR maybe?), just saying that it is BS and I would never adhere to this.
  • GirlyGirl Member Posts: 219
    To Whom It May Concern,

    I am done with eLearnSecurity. Completely done. It is not worth my bandwidth or laptop battery or time left on earth to involve myself with attempting to get into this training. This company is not competing with the (security) industry. We can all be truthful to ourselves about that.

    Please see attached email I sent them.
  • CertifiedMonkey Member Posts: 172 ■■□□□□□□□□
    This must be a new thing because I bought 2 courses and never had to do this. If this is the new requirement for signing up to a course then I'm out too. There is no demand for these certs in my area.
  • GirlyGirl Member Posts: 219
    cyberguypr wrote: »
    BTW, Offensive Security also pulls similar crap if you have a free mail address:


    I'm not doubting there's some legal requirement (ITAR maybe?), just saying that it is BS and I would never adhere to this.


    True. I bit the bullet on Offensive Security in the past. I am not sure why. But I am not fond of either approach. eLearnSecurity asks for way more than Offensive Security, although eLearnSecurity certifications are 98% less valuable. Here is the Offensive Security email:




    If you are unable to provide an alternate non-free address that allows us to get basic verification, we will require a scanned identification (in colour) such as a driver's license or a passport.
    If you choose to send a scanned ID, you may blur the ID number and send it to .........fjlkadjfk.com
  • tralalalaaa Registered Users Posts: 2 ■■□□□□□□□□
    If this form of identity proof is really required, then they're losing out on some markets completely.

    In Germany, for example, it is forbidden by law to provide copies of your national ID or passport to third parties (with some exceptions, like banks). I assume Austrian and Swiss laws are similar.

    In other words, Germans cannot sign up for eLearnSecurity courses without committing a crime anymore.
  • JensBada Member Posts: 14 ■□□□□□□□□□
    Hi, I hope I can shed some light on this since I work for eLS.

    First of all sorry for the experience so far GirlyGirl (Bill Cosby).

    We do usually not ask to add anything extra to the shopping cart, you tick the box of the course you want to enroll in and that's it.

    Some of the banks ask for proof from the owner of a credit card if details are not matching or the card is under a different name. This is standard procedure which has been in place for a long time. Again, this is only asked if certain triggers are met which suggest a fraudulent transaction to the banks, and it is there to protect you from someone else using your credit card. This happens before any amount is charged to the card btw.
    It can be a bit of added work to upload those documents in case the transaction is legit, but after all we all want our credit cards to be a bit secure at least. There are too many people out there trying to order stuff with stolen credit card details. If one of those is your card you'd be happy the bank asks for a proof of identity before approving any purchases.

    Our certifications are not as recognized as others yet, that's true. We are working on it though ;) You can see many of our different certificates showing up on LinkedIn for example already. We always valued actual skills way more than the certificate one gets after passing an exam. That is why our exams are all hands-on based on real life scenarios, and not simple multiple choice exams.

    It is sad to see that you judge the quality of our training without even trying it yourself first, simply based on a requirement from the bank. Please do look into our social media feeds as suggested, we give away invites to the Barebone Edition of PTS there for free sometimes. No need to enter any payment information. This will give you the chance to actually test our courses and hopefully be convinced that there is a lot of value in practical training.

    We do also have a live-chat online most of the time and a support -at- eLearnSecurity dot com email for questions.
    Thanks
  • JensBada Member Posts: 14 ■□□□□□□□□□
    If this form of identity proof is really required, then they're losing out on some markets completely.

    We got loads of happy students from Germany, Switzerland and Austria ;)
    As said, these documents are required under certain conditions only from the banks...
  • mokaz Member Posts: 172
    JensBada wrote: »
    We got loads of happy students from Germany, Switzerland and Austria ;)
    As said, these documents are required under certain conditions only from the banks...

    Well, I've had to give these documents as well, ID + CC copy.
    Honestly as long as the CC is not asked from both sides (the 3 digit sec code in the back) I hardly see an issue with this.
    I gave the requested information and I've been good to go.

    Also I guess we perhaps don't see the loads of fraudulent attempts to register, which implies more hardened pre-checks.

    Cheers,
    m.
  • boot Member Posts: 22 ■□□□□□□□□□
    GirlyGirl wrote: »
    I am done with eLearnSecurity. Completely done. It is not worth my bandwidth or laptop battery or time left on earth to involve myself with attempting to get into this training. This company is not competing with the (security) industry. We can all be truthful to ourselves about that.

    It's completely valid to evaluate eLS certs based on their resume/recognition value, and on that subject I agree with your assessment. This, however, is a severe overreaction. I'll admit I've never understood the practice of requiring ID scans, they're effectively saying "we do not have sufficient assurance that you are who you say you are, please prove that you stole this person's wallet". Sure, physical theft doesn't scale as well as online theft, but it still has such an obvious flaw. The reason I call it an overreaction is because this practice isn't unique to eLS, I've read stories of all kinds of companies requiring it. Unless you got a credit card recently, I'm surprised you have never heard of this before. I've never run into it myself, but all the banks I use support two-factor authentication for online purchases, and therefore provide reasonable assurance that a purchase is legitimate.

    It's not eLS sitting on their high horse thinking they're so special every customer must prove their worth and dedication to eLS by going through this laborious process. It's quite common in many countries (especially USA, it seems), and a practice likely required by many customers' banks (because the banks choose not to provide more automated means of strong authentication of purchases). Offensive Security gets the trophy for realizing how backwards this practice sounds with the rampant phishing threats everywhere, and doing their homework to figure out the absolute minimum of information they need to comply with policy (because they can't change the policy), and guiding customers to minimize their exposure. Many businesses, eLS included, have something to learn here.
  • 0b3lix Member Posts: 9 ■□□□□□□□□□
    Just tried signing up for the PND course and wanted to pay, but was asked for the exact same documents (scans of ID and credit card).

    I am, in fact, a German citizen and I know of these laws too. We are not allowed to provide copies of our IDs to third parties unless they are a bank, the German post, or police.

    I uploaded a heavily censored version of my ID to eLS now. Hope it will suffice. If not, I will not be taking any of their courses. I was never asked by Offensive Security to provide any such documents (and I did OSCP, OSCE and OSWP with them). The fraud potential with this data is simply huge and, though this might be the typical industry-induced paranoia, this risk is too big for me to take any eLS courses.

    I am also seriously doubting the bank requirement here. I've done so much online business with my credit card all over the world, but NEVER did I have to provide a copy of my ID or credit card. I don't like this at all and am seriously wondering why they require it to begin with.
  • mokaz Member Posts: 172
    0b3lix wrote: »
    I am also seriously doubting the bank requirement here. I've done so much online business with my credit card all over the world, but NEVER did I have to provide a copy of my ID or credit card. I don't like this at all and am seriously wondering why they require it to begin with.

    Well honestly I'm also sometimes on the paranoid side, but here really I think all is safe really.. Just a company asking for documents (ID, CC copy) in order to protect you from any possible fraud.

    From the Caendra email:
    - Caendra Anti-Fraud Team -
    P.S. We are doing so to limit the huge amount of fraud attempts we receive every day.
    Feel free to hide info that you deem sensitive (besides full name and photograph).
    Please note that we will store your file in encrypted format and only during this reviewal process.
    We will immediately remove it afterwards.


    Nothing to do with this, I've taken the PND as part of a "4 in a box" and well I've got a similar path as yours, OSCP, OSCE... you'll be bored... I really think that I shall have elected the PWD course instead of the PND one..
  • ITSec_guy Registered Users Posts: 3 ■□□□□□□□□□
    Sounds like a scam. Not being racist, but they are based in the Dubai. They probably resell it..
  • Phalanx I have many leatherbound books... United Kingdom Member Posts: 331 ■■■□□□□□□□
    ITSec_guy wrote: »
    Sounds like a scam. Not being racist, but they are based in the Dubai. They probably resell it..

    Hahaha.... really? Wait, you're serious? Great first post... /sigh
    While some people find this controversial, I have no qualms in saying eLS/Caendra is not a scam. Also, their head office is in California, and they have other satellite offices around the world.
    Client & Security: Microsoft 365 Modern Desktop Administrator Associate | MCSE: Mobility
    Server & Networking: MCSA: Windows Server 2016 | MTA: Networking Fundamentals
    Data Privacy & Project/Service Management: PECB GDPR DPO/Practitioner | ITIL 2011: Foundation | CompTIA Project+
    Currently Studying: Microsoft 365 Enterprise Administrator Expert
  • Danielm7 Member Posts: 2,309 ■■■■■■■■□□
    Phalanx wrote: »
    Hahaha.... really? Wait, you're serious? Great first post... /sigh
    While some people find this controversial, I have no qualms in saying eLS/Caendra is not a scam. Also, their head office is in California, and they have other satellite offices around the world.
    Yeah seriously, you're totally wrong, they're a completely legit business and tons of people here, myself included, have taken their courses.
  • UnixGuy Are we having fun yet? Mod Posts: 4,331 Mod
    ITSec_guy wrote: »
    Sounds like a scam. Not being racist, but they are based in the Dubai. They probably resell it..



    ^^ User registered to write this post, making stuff up. eLearnSecurity is legit, and it's an Italian company with offices in Dubai and the US
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • cyberguypr Senior Member Mod Posts: 6,926 Mod
    Nice try with the fake account, EC Council.
  • KAmes4545 Member Posts: 13 ■■■□□□□□□□
    I was just asked for this information as well. I would have liked to have known beforehand that I would need to provide this information, maybe in their FAQ or just stated some place before going through the checkout process. I'm just hesitant to give a driver's license and credit card over to somebody stating "it's encrypted" and "we'll destroy it afterwards". @JensBada - They mention you can obfuscate "sensitive data", well can I just white out everything on the driver's license except my name and photo? P.S. - I didn't even pay with a credit card, what are you going to verify by acquiring that?
  • KAmes4545 Member Posts: 13 ■■■□□□□□□□
    I contacted support about the issue and they resolved this issue very quickly. I'm very satisfied with this support response and look forward to the course I signed up for and future ones.
  • chrisone Senior Member Member Posts: 2,230 ■■■■■■■■■□
    eLearnSecurity is legit and their course content is good too. Never experienced such a thing with them.
    Certs: CISSP, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2021 Goals
    Courses: eLearnSecurity - PTXv2 (complete), SANS 699: Purple Team Tactics (completed), PentesterLabs Pro (ongoing)
    EnCase Courses: DF120 (complete), DF210 (in progress), DF310
    Certs: AZ-500, SC-200 (passed), SC-300 (next), EnCE, Splunk Core Power User (passed), Splunk Enterprise Sys Admin
  • trac0de Member Posts: 27 ■□□□□□□□□□
    Seriously?
    "Feel free to hide info that you deem sensitive (besides full name and photograph)."

    And you have to leave only 4 last digits from your card ....
    All you are afraid is that your sensitive data will be "leaked".
    And with GDPR companies have to be very careful with all that data, if it leaks they will pay a huge fine.
    You are afraid of providing ID info where really they only need a photo and full name ... is something I can get from your Facebook account.
    And as proven already (Cambridge Analytica) your Facebook data is more valuable.

    You really don't know what is going on in the world, some nation-known holiday parks kept your credit/debit card data (as a deposit) on a piece of paper in a shelf (NOT A SAFE) sometimes not even locked, BOOM.

    What about your phone? What kind of phone are you using? How old? And are you logging into the bank account through it?
  • MalwareMike GSEC, GCIH, GCIA, GWAPT, RHCSA, WCNA Member Posts: 147 ■■■□□□□□□□
    TL;DR

    I just wanted to stop by and say eLS is a great resource and worth the money. Their certifications might not be listed in job ads but it's a cheaper solution (compared to SANS) and you'll definitely learn enough to send you in a direction to learn more advanced topics.
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • rdwill75 Registered Users Posts: 2 ■□□□□□□□□□
    I've done a few eLearnSecurity courses and work directly in security engineering. I've done many SANS courses, as well. I really encourage people I work with to take a look at their courses. The material is good, the labs are great (generally - without some exceptions) and the price per course value is excellent. I know they aren't as recognized as SANS or Offensive Security, but damn I've learned a lot through their material.
  • ramrod777 Member Posts: 10 ■□□□□□□□□□
    Well, eLearnSecurity actually accepts virtual credit cards. I used that to pay for my course so if you really don't want to send a photocopy of your credit card you can use a virtual one.
  • MalwareMike GSEC, GCIH, GCIA, GWAPT, RHCSA, WCNA Member Posts: 147 ■■■□□□□□□□
    rdwill75 wrote: »
    I've done a few eLearnSecurity courses and work directly in security engineering. I've done many SANS courses, as well. I really encourage people I work with to take a look at their courses. The material is good, the labs are great (generally - without some exceptions) and the price per course value is excellent. I know they aren't as recognized as SANS or Offensive Security, but damn I've learned a lot through their material.

    When you factor in price and the quality of content, I think SANS and elearnsecurity are on par with each other.
    Current: GSEC, GCIH, GCIA, GWAPT, GYPC, RHCSA, WCNA
    2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
    Twitter: https://twitter.com/Malware_Mike
    Website: https://www.malwaremike.com

  • kurtkobaindt Member Posts: 15 ■□□□□□□□□□
    ramrod777 wrote: »
    Well, eLearnSecurity actually accepts virtual credit cards. I used that to pay for my course so if you really don't want to send a photocopy of your credit card you can use a virtual one.

    Hi, I'm a new member here. I just want to ask, "what is a virtual credit card?"
  • cyberguypr Senior Member Mod Posts: 6,926 Mod
    @kurtkobaindt check out Privacy.com to see what they are.
  • kurtkobaindt Member Posts: 15 ■□□□□□□□□□
    cyberguypr wrote: »
    @kurtkobaindt check out Privacy.com to see what they are.
    Thanks for the link. Now I can understand.