CORRESPONDENCE/LETTER

Two weeks ago, I received an e-mail from the editor of a reputed journal requesting me to download an agreement report by using a link in that e-mail. After clicking on the link, I was directed to a web page which requested me to log on with my e-mail credentials. As I am an information technology scientist, I detected that I was facing a phishing attack.

In the information security literature, a phishing attack is an attempt to steal users' sensitive information by using a fake website similar to the authentic one [1]. Hackers steal the e-mail credentials of journals' editors, and then send many spam mails to steal sensitive information of some researchers who know the editor. In a phishing attack, cyber-criminals design a website similar to the target website. After designing the fake website, cyber-criminals direct users to their fake page; when researchers open the fake website and enter their information, the cyber-criminals gather this information.

In recent years, phishing attacks have been expanding to scholarly publishing and the academic world. Journal phishing, or hijacked journals, are journals that mimic reputable journals with similar names and ISSNs [3,4]. Researchers are receiving e-mails in the names of editors, popular universities or eminent researchers. In some e-mails, the sender requests the receiver to open an attachment or log in to a website by using his/her e-mail credentials. When the user opens the attachment or logs in to the mentioned website, his/her e-mail credentials are stolen by cyber-criminals.

A question that may arise is how cyber-criminals could send e-mails by using the official e-mails of researchers or institutes. They use an "e-mail spoofing technique." This technique uses the vulnerability present in the TCP/IP protocol (TCP/IP is the computer networking model and the set of communication protocols used to connect computers over a network) that allows them to send e-mail from any address. However, they cannot receive answers to the sent e-mails, and they always include their phishing website's URLs in spoofed e-mails to cheat researchers and direct them to their phishing websites so that they can steal their information. It is important for scientists to be aware of their vulnerability to these attacks.

References

1. San Martino A, Perramon X. Phishing secrets: History, effects, and countermeasures. International Journal of Network Security. 2010;11:163-71.
2. Huang H, Tan J, Liu L. Countermeasure techniques for deceptive phishing attack. In: New Trends in Information and Service Science; 2009: 636-641. doi: 10.1109/NISS.2009.80
3. Jalalian M, Mahboobi H. Hijacked journals and predatory publishers: Is there a need to re-think how to assess the quality of academic research? Walailak J Science and Technol. 2014;11:389-94.
4. Dadkhah M, Sutikno T, Jazi, Stiawan D. An introduction to journal phishings and their detection approach. TELKOMNIKA Telecommunication, Computing, Electronics and Control. 2015;13:373-80.
Dadkhah, M., Bianciardi, G. (2016). Hackers Spy Scientists. INDIAN PEDIATRICS, 53(11), 1027-1027.
Hackers Spy Scientists
Bianciardi, Giorgio
2016-01-01
https://hdl.handle.net/11365/1026212