New types of fraud in the academic world by cyber criminals
2015; Wiley; Volume: 72; Issue: 12 Linguagem: Inglês
10.1111/jan.12856
ISSN1365-2648
Autores Tópico(s)Cybercrime and Law Enforcement Studies
ResumoIn recent years, the academic world has faced many challenges such as a move towards online open access publishing, and researchers have tried to accommodate them. However, this has also created problems. For example, Dadkhah et al. (2015a) covered unethical behaviours in the academic world, including plagiarism, article sale, forced joint authorship, conversion of a journal in to a 'print machine', and invitations to invalid conferences. I believe that the main reasons for the above mentioned challenges do not belong to the publishers alone; unethical behaviour of some researchers is also to blame and can be effective in creating such challenges (Christova-Bagdassarian 2014, Shashikiran 2014). Valuable insights regarding journal quality in relation to these challenges, specifically 'predatory publishing' have been provided by Beall (2010a,b). There is not much research on the types of cybercrime in the academic world but there are 31 papers in Google Scholar, six papers in Scopus, and a paper in PubMed investigating hijacked journals. However, these types of 'scams' are increasing and it is necessary to expose them. Most of these frauds are clearly unknown to many researchers. In this paper, I discuss new types of fraud in the academic world and present general guidelines for preventing them. Most of these frauds are complex and require knowledge about information security and thus many researchers cannot detect them. Hijacked journals are fake websites that use the name and ISSN of authentic journals to cheat authors. These journals publish authors' papers without review by receiving money. There is some research regarding hijacked journals, but it seems that this is insufficient because the number of victims of hijacked journals is growing. Some authors (Jalalian & Mahboobi 2014, Dadkhah et al. 2015c) discuss hijacked journals and define general guidelines for authors to detect this fraud. Also, there are editorials that expose specific hijacked journals with evidence of their fraud (Jalalian 2014a, Dadkhah & Sutikno 2015). Some of the research focuses on the ways forgers cheat authors, including bogus impact factors (Jalalian 2015), fake conferences (Dadkhah et al. 2015b), and social engineering (Dadkhah & Quliyeva 2014). There were 20 known hijacked journals in 2014 (Jalalian 2014b), but approximately 90 hijacked journals were detected in June 2015 (Jalalian & Dadkhah 2015). This shows that the prevalence of hijacked journals is growing. Also, in the initial hijacked journals, hijackers used simple methods for hijacking and, in most cases, they use a content management system to create the website. However, in 2015, we saw complex types of hijacking, where hijackers create hijacked websites similar to the original ones and use complex social engineering techniques to cheat scientific databases, such as Thomson Reuters, and index the fake website in these databases. Two examples are Allgemeine Forst und Jagdzeitung (Fake URL: http://www.sauerlander-verlag.com; accessed 08 October 2015) and GMP Review (Fake URL: http://www.euromed.uk.com; accessed 08 October 2015). Forgers cheat Thomson Reuters and indexed fake URLs by using some vulnerabilities in this scientific database. Currently, we observe a new type of hijacking. In previous hijacking methods, forgers used similar URLs to authentic journal URLs or created the website for journals that did not have a website. In the new hijacking method, forgers search in Thomson Reuters to find expired domains, which previously belonged to actual journals, then register them. When these expired domains are re-registered, authors will find the hijacked version of the journal in Thomson Reuters and think that it is the authentic version of journal. We list some examples of hijacked journals that forgers are using in this way: Journal of Veterinary Dentistry- ISSN: 0898-7564, Hijacked and indexed URL in Thomson Reuters (Fake URL: http://www.pspcommunications.com; accessed 08 October 2015; Authentic Version URL: http://www.jvdonline.org; accessed 08 October 2015); Intelligent Automation and Soft Computing – ISSN: 1079-8587 (Fake URL: http://autosoftjournal.org, Authentic Version URL: http://wacong.org/autosoft/auto/index.php); GMP Review – ISSN: 1476-4547 (Fake URL: euromed.uk.com, Authentic Version URL: http://www.euromedcommunications.com; accessed 08 October 2015). For detection of journals hijacked by this type of hijacking method, authors can use the Whois database (http://whois.domaintools.com/; accessed 08 October 2015). If the domain creation date does not match the years in which a journal has issues, the reviewed URL is fake because when an expired URL has been registered again by another person, the domain creation data will be changed to the most recent registration date. Also, editors of journals must inform scientific databases, such as Thomson Reuters, of any change in their journals' URL. Currently, forgers are attacking researchers for financial reasons. They gather list of emails addresses related to authors and send deceptive emails. They gather these email lists from open access journals with the use of specialized software. After collecting authors' email addresses, they send emails to authors and try to cheat them by sending fake PayPal invoices or phishing (Martino & Perramon 2010) websites. In most of these fraudulent emails, forgers promise a big prize or speak about new business opportunities and try to collect more information about their victims, then use this information to cheat authors in the next round of fraudulent emails. In this new type of fraud, authors think that they have received an original payment website or a subscription invoice from journals. To combat this type of fraud, I recommended authors do not answer such emails and ignore them completely. Also, authors must be careful about email attachments and not open suspicious file types, such as: .html, .jar, .exe, .xml etc. Phisher may create malware and infect victims' operation system to steal information (Dadkhah & Jazi 2014). In the current century, privacy is of the utmost concern and in the academic world we can see some types of privacy invasion through the selling of private information. Some questionable journals or conferences sell their participants' information (Lukiæ et al. 2014), including email addresses, telephone number and expertise to people who seek this information for advertisement. For example, many researchers receive calls for papers from predatory journals after participation in conferences or receive spam emails about some company. The best approach for dealing with this type of invasion of privacy is detection of fake conferences from authentic ones. Fake conferences often have unknown scientific committees, use independent URLs and general mail services such as Yahoo and Gmail. Recently, hijackers have created fake proof reading sites to hijack unpublished papers and sell them to people who seek such papers. Most of these fake proof reading sites promise fast, high quality and cheap proof reading to persuade their victims to send papers. After hijacking and selling the papers, we can find the same paper published with different authors. The answer to: 'which authors are the real authors of paper?' is very hard to determine. For detection of these fake proof reading sites, we suggest that authors use the Whois database and the Google page ranking algorithm (http://www.whatsmypr.net; accessed 08 October 2015). By using the Whois database, an author can search the domain and receive related information; if the domain registration time is less than a year, the reviewed site is suspicious. According our inspection, an authentic proof reading site has more than one page ranking. I have introduced the types of cybercrime in the academic world and presented general guidelines for detecting them because I find that there is a lack of knowledge in the academic world regarding cybercrime. It is necessary that researchers know about cybercrime, otherwise they may themselves become victims. In addition, cybercrime has an adverse effect on the quality of academic resources. For example, published papers in hijacked journals may be indexed in scientific bases and be cited in future papers. Working to assess other aspects of cybercrime continues.
Referência(s)