At the beginning of February 2023, I discovered that the Scandinavian Journal of Information Systems (SJIS) had been hijacked. As editor-in-chief of the publication, I had been contacted by an author confused by receiving both an acceptance letter and a desk rejection for her manuscript. I had rejected the paper because it did not align with our editorial policy. Upon investigation, the acceptance letter turned out to have been issued by cybercriminals attempting to charge her for publication in what she thought was SJIS but was in fact a fraudulent website posing as the journal.
Journal hijacking is a growing problem and a threat to the entire scientific community. Hijacked journals are scam websites that impersonate legitimate journals and attempt to take over their brand. A list including hundreds of these fake sites can be found at the Retraction Watch Hijacked Journal Checker. By stealing the brand, web domain, or the serial number used to identify a publication, cybercriminals try to lure researchers into paying for publications. The problem is in part attributable to increased pressure on researchers to publish their work in journals indexed in Scopus, Elsevier’s abstract and citation database.
Researchers of all experience levels fall prey to such scams. This susceptibility often stems from the tendency to be off guard when communicating with seemingly authentic and trustworthy academic journals, particularly when links to these journals are found on otherwise credible bibliographical databases.
In the case that led to the discovery of the SJIS hijacking, the researcher who was swindled described the experience as harrowing, making her question whom she could trust. She also ran into trouble at her university, which required her to have two publications in Scopus-indexed journals to advance her career.
Her inquiry triggered a thorough investigation on my part. Over the subsequent weeks, I found that several authors had been scammed by the same criminals and that the scams followed the same pattern.
The source of the problems in all cases was Scopus, which linked to the fraudulent website (http://sjisscandinavian-iris.com/index.php/sjis) instead of the real one (https://aisel.aisnet.org/sjis/). Searching for indexed journals, victims were led straight to the fraudsters.
The fake website also appeared in online searches. Both Google and Bing included it among their top results.
Although it appears the cybercriminals could easily infiltrate Scopus and search engines, removing the link to the fraudulent website has been much more challenging. Scopus took more than two months to delete the link, and it still appears in online searches despite my having reported it to the tech companies as a phishing scam on multiple occasions.
The authors I talked to said they had been deceived into paying the scammers up to $375 for a worthless publication. They also reported emotional distress and fear of reputational damage from unwittingly publishing in a hijacked journal. In one case, a PhD student’s defense was delayed because a central paper was not published in SJIS as she had believed.
The cybercriminals have gone to great lengths to make the fraudulent website appear legitimate. Having downloaded SJIS’ entire open-access catalog, they have added their own fabricated articles to different issues. They have also engaged in Google Scholar search engine optimization to lead more unsuspecting researchers to their site. And they have fabricated articles by previous contributors to the journal that show up in searches. When researchers click on links to what they believe are legitimate SJIS articles, the fraudulent website gets more traffic. The harm to the reputations of these authors raises concerns for their long-term career prospects.
My experience, which I have also described in an article in the Information Systems Journal, is that this type of cybercrime is difficult to stop. I have reported the journal hijacking to our professional association for scholars of information systems. In turn, the association has reported the crime to the domain registrar of the fraudulent website, resulting in the domain being transferred to an unknown registrar. Although we have reported the hijacking to various companies and authorities, including Google, Microsoft, the U.S. Federal Trade Commission, the Internet Crime Complaint Center, and the hosting provider, the fake site remains operational.
Presently, no effective legal means exist for dealing with journal hijacking. I, for one, am open to unorthodox methods to shut down these operations, including hacking and disclosing the identities of the criminals. Until effective solutions to this growing problem emerge, education and awareness are vital. We are all potential victims of this scam.
Sune Dueholm Müller is an associate professor at the University of Oslo and is currently serving as editor-in-chief of the Scandinavian Journal of Information Systems.
Like Retraction Watch? You can make a tax-deductible contribution to support our work, follow us on Twitter, like us on Facebook, add us to your RSS reader, or subscribe to our daily digest. If you find a retraction that’s not in The Retraction Watch Database, you can let us know here. For comments or feedback, email us at [email protected].
I understand your frustration, as this is not uncommon activity broadly in the online publishing world. And as a publisher, it is something I have dealt with on many occasions.
Based on my experience, there are means of addressing the issue that may be more effective than the ones you have taken to date. The best approach would be to file a UDRP complaint with ICANN for abusive domain registration and attempt to gain control over the domain so you can shut it down. The registrants will be required to identify themselves in the arbitration process, so they may choose to simply default.
At the same time, filing DMCA complaints with Google for every piece of stolen content would get that content de-indexed, so even if the site remained operational, it would be largely invisible to the outside world and of much less value to the scammers. When Google gets a sizeable number of valid DMCA complaints for a single domain, it’s not unusual for them to de-index the entire site.
Going forward, you should set up a Google alert for your journal name to help keep an eye out for unusual activity with your brand so you can nip these issues in the bud before you learn about from scammer authors.
Thank you. I appreciate the advice. I have so far reported the fraudulent site to Google and Microsoft, the FTC, the US Cybersecurity and Infrastructure Security Agency (CISA), the Internet Crime Complaint Center (IC3), and the hosting provider (GoDaddy). I have not heard from any of them and the site is still in operation. I hope filing a complaint with ICANN will make a difference. Fingers crossed!
This is indeed a sad experience. This is a serious threat to the Scientific space. The perpetrators clearly want to take advantage of those who are on a race for publications that are not peer reviewed. We can only thank you for your vigilance.
Thank you. I want us all to be vigilant. That is why I find it so important to talk about journal hijacking.
And does Scopus take any responsibility for linking to the fake journal? The very fact that they did it in the first place, combined with their slowness in addressing this, sounds honestly mind blowing. As the meme says, you had one job.
I do not know that they take any responsibility. They have been slow to respond but finally removed the link to the fraudulent site. I have been assured that internal policies are being updated to make sure that something like this does not happen again. We will have to wait and see…
Dear Sune,
that’s a horror history that of course comes from the way Open Access is being implemented by publishers. But I have a question: how did the hijackers know that the paper had been submitted (and eventually rejected) by the journal? It seems that they not only set up fake web pages, etc. but they could have infiltrated into the support system for the journal. Or am I misunderstanding something?
Excellent question. My investigation shows that the paper in question was submitted both through the journal’s submission system and the fraudulent website. I desk rejected it whereas the criminals accepted it without hesitation. Receiving both a rejection and an acceptance letter confused the author who then reached out to me. That event set everything in motion. As far as I can tell, our submission system has (luckily) not been hacked.
Manuel Carro Liñares makes a good point of the risk of the MS platform used being an additional risk. Looking at the site of Digital Commons, formerly BePress, it seems to have a very lean staff. Has the head of enginering, Ryan Gilfillan, been responsive to assisting in with addressing remediation? Is that an open-source platform?
I have not been in contact with the staff, but your questions make me want to conduct a cybersecurity assessment. Thank you. Again, at this time I have no reason to believe that the submission system has been compromised.