Posted by: bluesyemre | November 23, 2015

How to hijack a journal

Hijacking1280x720px

Even by the standards of Internet scams, the scheme is brazen. According to a tip sent to Science, fraudsters are snatching entire Web addresses, known as Internet domains, right out from under academic publishers, erecting fake versions of their sites, and hijacking their journals, along with their Web traffic.

Website spoofing has been around since the rise of Internet search engines, but it’s only in the past few years that scholarly journals have been targeted. The usual method is to build a convincing version of a website at a similar address—www.sciencmag.org rather than www.sciencemag.org—and then drive Web traffic to the fake site. But snatching the official domain is an insidious twist: Unsuspecting visitors who log into the hijacked journal sites might give away passwords or money as they try to pay subscriptions or article processing fees. And because the co-opted site retains the official Web address of the real journal, how can you tell it’s fake?

After the tip came in from Mehdi Dadkhah, an information technology scientist based in Isfahan, Iran, Science put me on the case. Not only did my investigation confirm that this scam is real, identifying 24 recently snatched journal domains, I discovered how the hijackers are likely doing it. The only hard part is identifying vulnerable journals. Once the targets are identified, snatching their domains is easy. To test my theory, I snatched one myself. For a day, visitors to the official Web domain of an academic contemporary art journal based in Croatia were redirected to Rick Astley’s 1987 classic music video, “Never Gonna Give You Up.” (The editors there weren’t upset when they learned of the switch because the journal was already moving to a new domain.)

http://news.sciencemag.org/scientific-community/2015/11/feature-how-hijack-journal


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Categories

%d bloggers like this: