Have you heard about hijacked journals, which take over legitimate publications’ titles, ISSNs, and other metadata without their permission? We recently launched the Retraction Watch Hijacked Journal Checker, and will be publishing regular posts like this one to tell the stories of some of those cases.
When web domains of legitimate journals expire, fraudulent publishers have an opening to hijack them by registering the expired domains and creating clone websites that mimic the genuine journal.
In 2015, John Bohannon found fraudulent publishers had hijacked the websites of several legitimate journals indexed in Web of Science. The expired domains of GMP Review and Ludus Vitalis, which Web of Science listed as their official homepages, were registered by the fraudulent publishers, who created clone journals offering to publish papers for a fee.
Taking over expired domains remains a successful strategy for fraudulent publishers, because potential authors may use the websites listed in scientometric databases to verify the authenticity of a journal. Recently, three examples have come to light of journals with domains that expired and were hijacked by fake journals.
One of the hijacked titles is the Russian Law Journal. The website of the journal expired at the end of 2022, and a new journal imitating the original was set up by January 2023:
Clarivate’s Master Journal List still pointed to the compromised site, and unauthorized content penetrated the Web of Science Core Collection as well. The genuine journal stopped publishing in 2021, so all 59 papers indexed in 2022 and 2023 potentially originate from the hijackers:
A screenshot from May 2023.
The Journal of Academic Leadership is another title that has been compromised. The domain of the journal expired and was offered for sale for $3,000 as of December 2021. A buyer emerged by March 2022, and the domain now hosts the fake journal. Scopus had listed the compromised link, but the index later removed it.
A screenshot from December 2022.
Nick Wise, a researcher from Cambridge and paper mill sleuth, identified another journal with a hijacked domain earlier this month. The domain for the journal Lampyrid had expired, and was registered by a fraudulent publisher who created a website imitating the genuine journal. As a result, the link to the journal in Clarivate’s Master Journal List has been compromised:
The strategy of hijackers of registering expired domains likely will continue. Journals that have ceased publishing are particularly at risk, as their web domains will eventually expire, making them vulnerable to dishonest publishers. Journals that have launched a new website on an alternative domain also are vulnerable, as are those that may have inadvertently failed to renew their domain registration.
Taking over expired domains provides fraudulent publishers with the opportunity to compromise homepage links in scientometric databases, as well as index unauthorized content in some cases.
Like Retraction Watch? You can make a tax-deductible contribution to support our work, follow us on Twitter, like us on Facebook, add us to your RSS reader, or subscribe to our daily digest. If you find a retraction that’s not in our database, you can let us know here. For comments or feedback, email us at [email protected].
Did these journals use PIDs (e.g. DOIs) and if they did were the identifier also still pointing to the old hijacked domains?
Hi colleagues. I have provided a list of hijacked journals and also invalid ones during last 5 years. Let me an email address to send you. May be the list helps to quality of science.
It’s unfortunately easy to inadvertently let one’s domain expire, simply because because registrars don’t send any reminder that a renewal will be needed, and because those renewals are infrequent enough that staff will often have changed in the mean time. It happened to the journal I run a few months ago (nobody else grabbed the domain during the day or two that it was unassigned, but I suppose someone could have if they’d been watching) and the next renewal is in in 9 years.
That’s crazy. I had experience with that. All my friends and colleagues were doubted me because of the fraudulent journals. Shame on them.
The entire doi.org domain briefly lapsed over an expired domain registration. I guess when there’s a global outage to journal access, the administrators took note and got it back before anyone else scooped it up. Amazing just how weak some weak links in major operations can be.
https://www.crossref.org/blog/january-2015-doi-outage-followup-report/
Something to be said about the old timers and their journals printed on paper. Can’t lose an entire journal(s) from administrative glitches or errant code when copies a physically distributed.