Indian Pediatr 2016;53: 1027
Hackers Spy Scientists
*Mehdi Dadkhah and #Giorgio Bianciardi
*Independent scientist, Isfahan, Iran and #Department of Medical Biotechnologies,
Anatomia Patologica, Siena University, Siena, Italy.
Email: [email protected]
Two weeks ago, I received an e-mail from the editor of a reputed journal
requesting me to download an agreement report by using a link in that
e-mail. After clicking on the link, I was directed to a web page which
requested me to log on with my e-mail credentials. As I am an information
technology scientist, I detected that I was facing a phishing attack.
In the information security literature, a phishing attack is an attempt to
steal users’ sensitive information by using a fake website similar to
the authentic one [1]. Hackers steal the e-mail credentials of a journal’s
editor, and then send many spam mails to steal sensitive information from
researchers who know the editor. In a phishing attack,
cyber-criminals design a website similar to the target website. After
designing the fake website, cyber-criminals direct users to their fake page;
when researchers open the fake website and enter their information,
the cyber-criminals gather this information.
In recent years, phishing attacks have been expanding to
scholarly publishing and the academic world. Journal phishing, or hijacked
journals, are journals that mimic reputable journals with similar names
and ISSNs [3,4]. Researchers are receiving e-mails in the names of editors,
popular universities or eminent researchers. In some e-mails, the sender
requests the receiver to open an attachment or log in to a website by using
his/her e-mail credentials. When the user opens the attachment or logs
in to the mentioned website, his/her e-mail credentials are stolen by
cyber-criminals. A question that may arise is how cyber-criminals can
send e-mails by using the official e-mail addresses of researchers or
institutes. They use an "e-mail spoofing technique." This technique uses the
vulnerability present in the TCP/IP protocol (TCP/IP is the computer
networking model and the set of communication protocols used to connect
computers over a network) that allows them to send e-mail from any
address. However, they cannot receive answers to the e-mails they send, so
they always include their phishing website’s URLs in spoofed e-mails to
cheat researchers and direct them to their phishing websites so that
they can steal their information. It is important for scientists to be
aware of their vulnerability to these attacks.
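A recipient-side check for the spoofed messages described above, given as an added example that is not part of the original letter: it reads a raw e-mail and reports the signs that the visible sender may be forged (reply or bounce addresses in another domain, failed SPF/DKIM/DMARC verdicts in the Authentication-Results header, and links pointing away from the sender's domain). The sample message, all domains and the function names are constructed for illustration, and a single-part plain-text message is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name and domain is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.university.example; spf=fail; dkim=none; dmarc=fail
From: "Editor-in-Chief" <editor@journal.example.org>
Reply-To: editor.journal@freemail.example.com
To: researcher@university.example
Subject: Agreement report

Please download the agreement report:
http://journal-example-org.login.example.net/report
"""

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def same_org(a, b):
    """Simplified: equal domains, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spoofing_indicators(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # Bounces and replies routed away from the visible sender's domain.
    for hdr in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[hdr])
        if dom and not same_org(dom, from_dom):
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving server (trust only your own server's header).
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{check} result is {m.group(1)}")
    # Links that lead somewhere other than the claimed sender's site.
    for url in re.findall(r"https?://[^\s<>]+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if not same_org(host, from_dom):
            findings.append(f"link host {host} is unrelated to From domain {from_dom}")
    return findings
```

Each finding is a signal to verify the message through another channel, not proof of forgery: mailing lists and hosted mail services legitimately use a different Return-Path domain.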
References
1. San Martino A, Perramon X. Phishing secrets: History, effects, and
countermeasures. International Journal of Network Security. 2010;11:163-71.
2. Huang H, Tan J, Liu L. Countermeasure techniques for deceptive phishing
attack. In: New Trends in Information and Service Science; 2009: 636-641.
doi: 10.1109/NISS.2009.80
3. Jalalian M, Mahboobi H. Hijacked journals and predatory publishers: Is
there a need to re-think how to assess the quality of academic research?
Walailak J Science and Technol. 2014;11:389-94.
4. Dadkhah M, Sutikno T, Jazi, Stiawan D. An introduction to journal
phishings and their detection approach. TELKOMNIKA Telecommunication,
Computing, Electronics and Control. 2015;13:373-80.