Keeping up to date with the scientific literature is a large part of the work-load of any researcher. Love it or loathe it, this means of sharing research findings with the larger scientific community is still the way in which most of us inform ourselves of the latest findings in our fields of research, or share the news of our academic work with fellow scientists.

According to the International Association of Scientific, Technical and Medical Publishers (STM), there are over 28,100 peer-reviewed journals.  These journals publish approximately 1.9 million articles per year. The number of journals continues to grow by around 3.5% each year.  This is largely due to the fact that the numbers of researchers worldwide slowly increases by 3% each year. What the STM report doesn’t mention is the worrying increase in scientific cyber fraud and the number of journals ‘hijacked’ each year.

Why Are Journals Being Hijacked?

The simple answer to this question is money. Paying to have an article published is common, especially among the Open Access (OA) Journals which allow articles to be viewed and downloaded for free. Whilst this is great for researchers and institutes by decreasing pay-per-view and subscription fees, journals still have to pay their staff, web-hosting and so on, hence the pay for publication scenario.

Although some publishers ask for a fee of up to $4500 per article, not all of the OA journals charge authors for publication. According to the Directory of Open Access Journals, only around 30% of OA journals charge for publication, compared to approximately 75% of non-OA journals who do charge author fees. However, this still leaves an awful lot of journals which could potentially be hijacked by fraudsters and criminals. The OA part of the scientific article market is reckoned to be worth over $250 million per year.

How Are Journals Hijacked?

Two of the researchers who are at the forefront of reporting scientific cyber fraud are Mehrdad Jalalian, a journalist and owner of Mehr Publishing in Iran (who coined the unofficial phrase ‘hijacked journal’) and Mehdi Dadkhah from the Fouland Institute of Technology in Iran.

In a paper, which tells the story of 90 hijacked journals from 2011 to 2015, Jalalian and Dadkhah explain the evolving tactics used to fool unsuspecting scientists into parting with their hard-earned research money. The hackers and cybercriminals build fake websites for journals indexed by Web of Science and have impact factors calculated by the Journal Citation Reports.

The first reported case of a hijacked journal was in 2011. A cybercriminal took over an expired web domain and used it as a platform for three hijacked journals and seven fake journals. The first noticed case in 2011 was just the start and by 2014, one hacker undertook ‘mass journal hijacking’ and created counterfeit websites for a large number of journals, including some of the world’s leaders in medical research. Some fraudsters ‘steal’ articles from other journals to give the appearance that the hijacked and/or fake journals have published many previous articles. Tactics have also included fake copyright as well as fake International Standard Serial Numbers (ISSN).

Another scientific cyber fraud scam involves conferences- from hosting fake virtual conferences to the promise of publishing conference papers and proceedings. In one ironic case, Dadkhah himself was almost conned out of $600 after he received an email (which later turned out to be spam from a hacker) inviting him to present his internet security research at a conference which would subsequently be published by a journal indexed by Thomson Reuters. Luckily, Dadkhah discovered that the website was illegally cloned and made a narrow escape.

How Can You Spot a Hijacked Journal?

Check the Lists

Mehrdad Jalalian keeps lists of some of the journals which have been hijacked to date and posts updates to his website. John Bohannon, who wrote the investigative article for Science Magazine, also published a list of the hijacked journals that he uncovered as part of his investigation.

But what if you suspect a journal has been hijacked and you can’t find it on one of the lists?

What to Look Out For

One way to spot a hijacked journal is to check the website domain registration using a ‘WHOIS’ query.  You can do this using a number of online tools. The query gives details about the owner of the domain, where it is registered and when it expires. If the queried website is in a different country from where the journal is based, or if the suspected website was registered recently and the journal is well-established, this should set alarm bells ringing. The name and contact details of the journals publishers should also be readily available on a legitimate website.

What to Do If You Suspect Scientific Cyber Fraud

If you suspect that a journal has been hijacked, the first thing you should do is contact the Editor-in-Chief of the legitimate journal. Let them know as soon as possible so they can take the relative action. You could also consider contacting Mehrdad Jalalian or John Bohannon (see above). If you are unfortunate enough to have been conned by a hijacked journal, report the fraud to your bank/credit card provider. The financial companies should pass the case on to their fraud department and may involve the police.

Remember, websites are hacked and hijacked regularly, so be careful out there.  Be aware of scientific cyber fraud and don’t make assumptions regarding the legitimacy of journal sites.