Feature

How to hijack a journal

Science  20 Nov 2015:
Vol. 350, Issue 6263, pp. 903-905
DOI: 10.1126/science.350.6263.903

Summary

According to a tip sent to Science, fraudsters are snatching entire Web addresses, known as Internet domains, right out from under academic publishers, erecting fake versions of their sites, and hijacking their journals, along with their Web traffic. Website spoofing has been around since the rise of Internet search engines, but it's only in the past few years that scholarly journals have been targeted. The usual method is to build a convincing version of a website at a similar address—www.sciencmag.org rather than www.sciencemag.org—and then drive Web traffic to the fake site. But snatching the official domain is an insidious twist: Unsuspecting visitors who log into the hijacked journal sites might give away passwords or money as they try to pay subscriptions or article processing fees. Science's investigation confirmed that this scam is real, identifying 24 recently snatched journal domains, and revealed how the hijackers are likely doing it—the author even snatched the domain of a journal for a day to show how easy the method is. "Other businesses invest heavily in cybersecurity, and scholarly journals will necessarily need to follow," warns Phil Davis, a former university librarian who is now a consultant in the scholarly publishing industry. "There is a lot more than just money at stake. Reputations and trust are on the line."