The ‘hijacking’ of the Scandinavian Journal of Information Systems: Implications for the information systems community

Journal hijacking, which refers to the attempted brand takeover of a journal by a third party, is a nascent threat confronting the information systems (IS) community, as evidenced by cybercriminals having established an online presence, masquerading as the Scandinavian Journal of Information Systems (SJIS). The SJIS hijacking damages the journal's reputation, leads to payment and publication scams, involves identity theft among unsuspecting IS researchers, and results in tarnished author reputations. Beyond SJIS, journal hijacking presents a threat, not only to the IS community, but also to science and academic integrity in general if researchers and readers cannot distinguish between fake publications by hijacked journals and real publications by legitimate journals. In this opinion article, we relate the story of the SJIS hijacking from the victims' perspectives. We describe its many aspects, draw attention to the key factors that contribute to the problem, and offer our perspectives on different response strategies in the absence of simple solutions. We hope to create awareness about the problem and stimulate a discussion in the IS community, not least in the face of digital innovations, such as ChatGPT and other artificial intelligence technologies that may inadvertently support paper mills and the production of fake research results.


| INTRODUCTION
In this opinion article, we draw attention to journal hijacking as a nascent threat, not only to the information systems (IS) community, but also to science and academic integrity in general (Dadkhah, Maliszewski, & Teixeira da Silva, 2016).Hijacked journals are 'scam websites that impersonate legitimate titles' (Else, 2022).By hijacking the brands, web domains, or International Standard Serial Numbers (ISSNs) of legitimate academic journals, cybercriminals try to deceive credulous authors into paying to have their works published (Abalkina, 2021b;Bohannon, 2015;Dadkhah, Maliszewski, & Teixeira da Silva, 2016).Hijacked journals differ from predatory journals (Abalkina, 2021b), although both are forms of predatory publishing practices.Journal hijacking is reported to be a growing problem (Nagarkar & Khole, 2023) but is new to the IS field.Whereas some authors publish in predatory journals despite knowing the latter's questionable reputations (Nielsen & Davison, 2020), we suspect that the same cannot be said of hijacked journals.This issue needs further investigation in the future.
We describe the hijacking of the Scandinavian Journal of Information Systems (SJIS), discuss its implications, and suggest strategies for responding to it.Whereas the existence of predatory journals is a well-documented problem (Nagarkar & Khole, 2023), with growing awareness of its gravity in IS (Nielsen & Davison, 2020), journal hijacking is a less widely known threat to the scientific community at large.In our opinion, IS scholars are particularly vulnerable because IS journals had not been targeted previously to any appreciable extent, which means that there are no accumulated experience and knowledge on which to draw on to defend against and respond to journal hijacking.
To the best of our knowledge, the SJIS hijacking is the first instance involving an Association for Information Systems (AIS)-affiliated journal.According to the Retraction Watch Hijacked Journal Checker (Retraction Watch, 2023), other IS journals (e.g., the Journal of Computational Information Systems) have been hijacked, but we have been unable to find any publications on the subject matter.Thus, although journal hijacking concerns all scholars, not only IS researchers, we need to create awareness of the problem among ourselves as a basis for combating it in our community.To this end, we describe journal hijacking as a multifaceted and complex problem, which in cases such as the SJIS hijacking involves not only publication scams but also identity theft and intellectual property (IP) theft.The case reveals three main categories of victims.The first category includes potential contributors to legitimate journals.These authors who act in good faith risk paying bogus publication fees and may suffer reputational damage.The second category comprises unsuspecting researchers at risk of having their identities and IPs stolen, with negative impacts on their self-images and career trajectories.In our opinion, this is a problem that the entire IS community should care about since many if not most of its members fall under the category of unsuspecting researchers.The journals whose brands are seized and misused by cybercriminals belong to the third category.As shown in this article, guarding against a hostile takeover and regaining control of a journal's brand are not easy.
Because journal hijacking is a problem that we did not have to contend with previously in the IS community, we are navigating unfamiliar territory in trying to understand and combat it.We are motivated by the desire to draw attention to the problem, help contain it, and initiate a discussion of solutions.To form our opinion, we rely on our own experiences and insights from other research fields, such as the medical sciences, where journal hijacking is a particularly prevalent problem (Nagarkar & Khole, 2023).In summary, our opinion is that journal hijacking poses a serious threat to IS researchers, and we currently lack effective means of dealing with it.We propose that we need to consider unconventional and radical solutions to the problem, such as 'fighting fire with fire', that is, taking a page from the cybercriminals' playbook and using their own tools to reveal and disrupt their operations.
This article is structured into two main sections.First, in Section 2, we describe our experiences around the SJIS hijacking.We want to create awareness of the problem, and we believe that this is best accomplished by presenting the case in such detail that our IS colleagues can relate to it.The case story sheds light on the consequences and challenges of the hijacking.Second, we investigate the problem in Section 3 from the perspectives of the victims, who include submitting authors and researchers whose identities and IPs are stolen.We discuss the roots of the hijacking problem and subsequently, its potential solutions.Our goals are to paint a nuanced and comprehensive picture of journal hijacking, including the difficulties in responding effectively to it, and to synthesise our experiences into an opinion on the strategies needed in the future.

| SJIS HIJACKING
The SJIS hijacking has involved many separate events from early 2023 to the time of writing this opinion article.
Figure 1 illustrates a timeline of these events.An elongated version of the figure in higher resolution is available for download here: http://u.pc.cd/R0d.The goals of Figure 1 are to provide the reader with an overview of the case and to communicate the multifaceted nature and complexity of the problem.We shall refer to this figure again in the following subsections.

| SJIS hijacking detected
On 6 February 2023, an author e-mailed the editor-in-chief (EiC) of SJIS in response to a desk rejection of a manuscript she had submitted to the journal (Figure 1, 'SJIS hijacking detected').The e-mail revealed that she had been tricked into submitting her manuscript through a fraudulent website and was being deceived into believing that the article would be published, pending the payment of a processing fee.However, she had acted in good faith when she found what she believed to be a link to the legitimate SJIS through Scopus.It turned out that she had also submitted her manuscript through bepress, the online submission system used by SJIS, and became suspicious when the EiC desk rejected it, which had already been accepted by the fraudulent website.She is one of the victims whose story has motivated us to write this article.The e-mail is shown in Figure 2.
The EiC responded promptly, warning her that she had been the victim of a scam, the acceptance letter (Appendix A) was fake, and SJIS does not charge publication fees.Subsequently, the EiC immediately conducted a personal inspection of the illegitimate website and confirmed that cybercriminals had established an online presence masquerading as SJIS.The legitimate and the fraudulent SJIS websites are shown side by side in Figure 3.
At that time, the fraudulent website contained the entire archive of SJIS articles, but the cybercriminals had also added two articles to vol. 34, no. 2 (2022) and eight articles to the (at that time) unreleased vol.35, no. 1 (2023).All of these articles have been downloaded by the EiC for future reference and possible litigation.An example of an article downloaded from the fraudulent SJIS website is shown in Figure 4.
We do not know whether the authors are aware that the article has not been published by the legitimate SJIS.
We have unsuccessfully tried to contact the authors.
Fortunately, the victimised author (Figure 2) was forthcoming, shared all communication with the cybercriminals (Appendix B) at the request of the EiC, and provided answers to follow-up questions, which led to an understanding of the illegal operation.The e-mail correspondence with her revealed that Scopus had directed her to the fraudulent website.Figure 5 shows a screenshot of the Scopus page on SJIS.It shows the link to the fraudulent website (at the bottom of the screen) when the mouse arrow hovers over 'Source Homepage'.Apparently, the cybercriminals had managed to effect a link change from the legitimate SJIS website to the fraudulent one.We have been unable to determine how this change was brought about.
F I G U R E 2 E-mail from a victimised author.

| Responding to the scam
The victimised author's communication with the cybercriminals (Appendix B) revealed their use of Gmail and PayPal for their illegal operation.Therefore, the EiC of SJIS proceeded to contact Gmail and PayPal, informing them and requesting their help in responding to the scam (Figure 1, 'AIS, PayPal, & Gmail informed').Scopus was also asked to correct the link (Figure 1, 'Scopus informed'), and both Gmail and PayPal were asked to close the accounts involved in the criminal enterprise.Neither Gmail nor PayPal responded to these requests for help.A Scopus customer support supervisor recognised the problem and wrote that 'the URL has been updated in our system [and] it will be updated in the journal homepage during source refresh which is schedule [d] to happen in the month of May 2023' (Figure 1, 'Response from Scopus received').The EiC asked Scopus to speed up the process and made it clear that the latter's failure to correct the problem immediately by delaying the update for more than 2 months would be tantamount to contributing to the continuation of the scam.The supervisor declined but promised to raise the issue with 'higher management'.An Elsevier engagement manager became involved, but it is unclear whether this influenced the outcome.However, the 'Source Homepage' link had been removed by 24 April 2023 (Figure 1, 'Scopus link removal detected'), which means that at the time of writing, Scopus links to neither the legitimate nor the fraudulent website.
A warning about the scam was first posted on the legitimate SJIS website (Figure 1, 'Warning posted on SJIS website') and then sent to the IS community on 14 February 2023 (Figure 1, 'Community warning broadcast'), using the AISWorld Listserv (AIS, 2023).
It was also decided that the EiC would inform the AIS, including its associate executive director and the chief operating officer, about the journal hijacking and ask for assistance in responding to the threat (Figure 1, 'AIS, PayPal, & Gmail informed').AIS associate executive director was helpful in reporting the fake website to Google and Bing to require these major search engines to flag it as fraudulent and minimise the risk of the link appearing in the search results (Figure 1, 'Google and Bing warned').At the time of writing, the fraudulent website MÜLLER and SAEBØ nevertheless appears as the fourth result on Bing and the third on Google when searching for 'Scandinavian Journal of Information Systems' (Figure 6).
The AIS associate executive director was also helpful in contacting Marcaria.com,the ICANN-accredited1 domain registrar of the fraudulent domain of the website, asking the company to deactivate the domain because it was used for fraudulent purposes (Figure 1, 'Marcaria.comnotified #1').Marcaria.comresponded promptly but denied responsibility.A domain account manager wrote: Please note that this domain is registered for one of our clients and we have contacted the owner of the domain scandinavian-iris.orgfor further investigation.It is very important that you keep in mind that we are the domain registrar but we are not responsible for the content of the domain.This means that we are not in a position to judge the content or forced to suspend, delete or transfer a domain.For this reason, our normal procedure is to inform the client; request them to investigate, solve the complaint, delete the infringement link, explained themselves, etc. the apparent hijacking of their journal (Figure 1, 'JIS informed').In mid-March, it was discovered that the content was back and that the website was once again masquerading as SJIS, with tens of articles listed in the latest issue.In early April, this number was rapidly approaching 100 articles.A new complaint was sent to Marcaria.com(Figure 1, 'Marcaria.comnotified #2'), which reported that the domain had been transferred to another registrar.The AIS associate executive director was unable to identify the new registrar.The EiC then asked the AIS to report the hijacking to the Internet Crime Complaint Center.
F I G U R E 6 Fraudulent Scandinavian Journal of Information Systems website on Google and Bing.

| New developments: Identity theft and IP theft
New developments since the SJIS hijacking underscore the multifaceted nature and complexity of the problem.First, an author discovered that his identity had been stolen and used for publication purposes.Second, another author contacted the EiC of SJIS with suspicions that a received acceptance letter was fake.Third, an academic officer contacted the EiC, asking for confirmation that an article, which turned out to have been published on the fraudulent website, had been accepted by SJIS.Fourth, a third author described how his IP in the form of a submitted article had been stolen and published by someone else.We briefly explain each development in turn.
An author, who had previously published in SJIS, discovered in late March that his name appeared on an SJIS article with a title that he did not recognise (Figure 1, 'Author identity theft discovered').This article showed up on his Google Scholar profile page and linked to the fraudulent website, as shown in Figure 7.The article's title and abstract are not typical of SJIS or any other legitimate IS journal.
The authors were able to remove the link between the fake article and their personal Google Scholar profiles, but the article still appears in Google Scholar searches.Further investigation revealed other articles by SJIS authors with nonsensical titles appearing on Google Scholar.An example is illustrated in Figure 8.
All four authors had previously published in the legitimate SJIS-but not the articles with the shown title.Note that the title is the same, but the authors differ.In both cases, the articles link to the fraudulent website.The EiC investigated the content of the articles and registered a profile on the fraudulent website under an alias.The website entices users to register in order to access its so-called subscriber-only resources.However, the PDF links on the website are inactive.F I G U R E 9 E-mail from an academic officer.
The author had been looking for a reputable and Scopus-indexed journal in which to publish his research article and was deceived by the fraudulent website.He submitted his manuscript but immediately encountered login issues and eventually gave up on publishing it in what he believed to be the legitimate SJIS in the absence of help to remedy the problem.It was only later when he had successfully published the article in another journal that he realised that it had been published on the fraudulent website under different author names.Figure 10 shows a screenshot of the victimised researcher's e-mail to the EiC to inform the latter of the IP theft.
The EiC was able to verify that the article was published by another journal and therefore contacted the lead author, whose name appeared on the same article published on the fraudulent website.The author sent the following response: 'Respected sir, I am looking into the matter.I think it was wrongly uploaded.It was removed from the journal as requested.Extremely sorry for the inconvenience' (personal communication with the EiC of SJIS, 11 July 2023).

| DISCUSSION
We have described the SJIS hijacking and the many separate events involved, the responses from the EiC and other stakeholders, and some of the latest developments.The SJIS hijacking sheds light on the negative implications of journal hijacking.It damages the reputation of the journal, leads to payment and publication scams, involves identity theft and IP theft among unsuspecting IS researchers, and results in tarnished author reputations.
In the following subsections, we discuss journal hijacking from the victims' perspectives, trace the roots of the problem, and suggest solutions to this nascent threat, not only to the IS community, but to science and academic integrity in general.
Table 1 summarises some of the key consequences of journal hijacking and their potential remedies.We refer to the content of this table in the subsections that follow.
F I G U R E 1 0 E-mail from another victimised author.

| Authors as victims of journal hijacking
At the individual level, authors who fall prey to publication scams, such as the victims of the SJIS hijacking, may suffer emotional distress.The author, whose e-mail alerted the EiC to the SJIS hijacking, characterises the scam as a bitter experience that leaves her uncertain about whom she can trust.Victims like her may also face career obstacles.She experienced a professional setback because she could not meet university publication requirements since her article was not published by SJIS.She needs two publications in Scopus-indexed journals to advance her research career and is currently looking for an alternative publication outlet.Another example of a career obstacle is the difficulty of having a PhD dissertation accepted if one or more articles are published in hijacked journals.The PhD student whose article was published on the fraudulent website (Figure 9) is a case in point.The academic officer from Naresuan University informed the EiC that the student not only lost the money she had paid for the publication but was also unable to graduate in that academic year and consequently suffered mental health problems.At the time of writing, we do not know when the victimised PhD student will be able to graduate, but we are closely following the case.
Lastly, we suspect that authors who have been victimised by hijacked journals may be unable to subsequently publish their works in legitimate journals because the research results are already in the public domain.
The targeted authors are deceived into believing that they are publishing in a respected journal.Many of the victims are from India and other developing countries.This claim is supported by Abalkina (2021a)  Although the author is a researcher from India who fits the profile of typical victims who 'are, for the most part, young and inexperienced researchers from developing countries' (Xia et al., 2015), we argue that all IS researchers, regardless of age and experience, are at risk of falling prey to this type of scam.The reason is that we are likely to have our guard down when communicating with what we believe to be a legitimate and trustworthy journal, especially when the link to the fake journal's website comes from reputable bibliographic databases such as Scopus.
Researchers need to develop the skills to detect and avoid journal hijacking.This involves, among other things, T A B L E 1 Journal hijacking: Stakeholders, consequences, and remedies.

Authors
• Emotional distress (1) scrutinising the journal's website for inconsistencies and errors (e.g., spelling errors), (2) being wary of aggressive marketing campaigns and unsolicited article submission invitations, (3) checking the name of the journal against known lists of hijacked and predatory journals, and (4) being cautious of journals demanding publication fees without providing transparent peer-review processes or editorial services (Abalkina, 2021b).Irrespective of age, experience, or country of origin, researchers who become victims of hijacked journal scams are at risk of not only emotional and financial damages but also IP and reputational losses.They lose control of their IPs to the scammers, and retracting a published article can be challenging.Some may experience shame and fear further humiliation for having unknowingly fallen into a trap designed to deceive unsuspecting individuals.
Authors looking for publication outlets in Scopus or other trusted sources are advised to practice due diligence on their own.First, they should consider whether a targeted journal mandates peer reviews of submitted manuscripts, which is a cornerstone of academic publication practices (Davison et al., 2005) access publishing leads to the increasing requirement for authors to pay for publication of their articles, such as through APCs (Laakso et al., 2011).This trend is creating fertile grounds for scams like the SJIS hijacking: 'As scientific publishers experiment with new formats and business models online, it has become increasingly easy for fake publishers to masquerade as legitimate ones' (Grudniewicz et al., 2019, p. 212).These fake publishers seize the opportunity to scam credulous authors out of their money by charging APCs with little or no real article processing (Beall, 2012).Abalkina (2021b) offers authors additional advice on how to avoid hijacked journals.

| Unsuspecting researchers as victims of journal hijacking
The SJIS hijacking shows that all IS researchers are at risk of having their identities stolen, with potentially serious consequences.The identity theft involved in the publication of articles in their names without their knowledge and consent can discredit them.Consider the case where such an article advances a controversial perspective on a sensitive topic related, for example, to race, gender, and religion.In such a situation, a fake article can damage the reputation of the author whose identity has been stolen.In the reported case (see Section 2.3), the topic was not controversial but deviated substantially from the academic profile of the author.The author is legitimately concerned that such a publication leaves the impression that his research lacks focus and quality, especially if the problem grows in magnitude in the future, and that he becomes 'tainted by association' (Beall, 2012) by having his name appear on a fraudulent journal website.This impression may have a negative impact on the invitations (e.g., to review articles and participate in panel debates) and opportunities (e.g., promotions) that he receives.
We do not know with certainty why fake articles are published in the names of established researchers but speculate that it serves to make the articles appear credible, which, in turn, gives the hijacked journal more legitimacy and help the cybercriminals build a reputation around the fraudulent website as a legitimate scientific publication outlet (Dadkhah, Maliszewski, & Teixeira da Silva, 2016).Unsuspecting researchers who realise that their identities have been stolen and misused are advised to request that the information and links to fake articles be removed from Google Scholar, other indexing platforms, bibliographic databases, and reputable websites.Although identity theft is impossible to prevent, we recommend that all IS scholars ensure that their researcher profiles on ResearchGate and ORCID are updated.Both platforms allow researchers to create profiles where they can list their publications, affiliations, and other professional information.Both use unique identifiers to help disambiguate authors and ensure that researchers receive credit for their works.While ORCID is primarily a system used to uniquely identify researchers and link them to their publications (https://orcid.org),ResearchGate also has social networking features (https://www.researchgate.net).Both platforms are credible sources of information used to verify the publications of a researcher, although ideally, they should implement additional security features in the future to ensure the integrity of their data.In the absence of a blockchain-based solution, where a researcher's identity is verified and the person's publications are time-stamped and stored in an immutable ledger, two-factor authentication and Internet Protocol address verification are measures that would make it difficult for scammers to create fake accounts or falsify data from other people.

| Journals as hijacking victims
First, journals are advised to consider how they can protect their IPs and those of contributing authors.
Cybercriminals capitalise on legitimate journal brands, which provide fraudulent journal websites with a semblance of credibility.As demonstrated by the SJIS hijacking, the criminals have established a website that not only mirrors the content of the legitimate journal but also contains content published by the fake journal.For example, at the time of writing, the fraudulent website contains more than 100 articles by victimised authors.It follows that the easier it is to copy content, the higher the risk of journal hijacking.In the SJIS hijacking, the criminals have been able to download the entire archives because the journal is open access, and the articles are not hidden behind an access or paywall.In other cases, the 'fraudulent publishers reduce costs and use the same articles to form the fake archives of hijacked journals' (Abalkina, 2021a, p. 7129).
Second, journals are also advised to continuously search for fake publications in their names.We were initially puzzled by the appearance of fake articles by authors who had previously published in SJIS.However, after investigating Google Scholar indexing and library linking practices, we speculate that the articles help increase the visibility of the fraudulent website, which in turn generates more traffic and makes it more likely that authors fall prey to the scam.This is consistent with the findings of Siler, Vincent-Lamarre, Sugimoto, and Larivière (2021, p. 565), who point to 'evidence of 'cloning' and 'recycling' to produce a 'fictitious archive' for journals collecting publishing fees.' Fake articles are automatically detected by indexing platforms and bibliographic databases, such as Google Scholar and Scopus that index and link to articles from legitimate journals.Since the fraudulent website has hijacked the legitimate one and uses the official journal name, it is evidently possible to cheat the algorithms.In addition to the Google Scholar results shown in Figure 8, the screenshot in Figure 11 supports this claim.It shows that a fake article has made its way into the library catalogue of the University of Oslo (UiO), adding legitimacy to the fraudulent journal.
The university library currently has no means of addressing the problem since it pulls data automatically from Scopus.
The highly automated and interconnected nature of indexing services makes them vulnerable to hijacked journals.
Therefore, journals should pay particular attention to the validity of the information provided by indexing platforms and bibliographic databases.We find support for this claim in Abalkina's (2021a) hypothesis that the criminals' ability to compromise the information that users access through these platforms and databases explains why such criminals are successful in deceiving authors.These platforms and databases, which in the SJIS hijacking case are Google Scholar and Scopus, are the primary means through which criminals try to lure authors to fraudulent journal websites.

| Roots of the journal hijacking problem
Viewing the problem from an institutional perspective, several compounding factors contribute to the increase in predatory publishing practices in general and journal hijacking in particular.These factors include publication pressures within academia and the absence of an effective internet governance regime.
The pressure on researchers to publish their works (captured by the 'publish or perish' aphorism) has been mentioned as one of the root causes of the growing number of predatory journals (Nielsen & Davison, 2020).The same pressure helps explain the rise of journal hijacking as a multifaceted and complex problem (Abalkina, 2021b).As demonstrated by the SJIS case, the pressure to publish in Scopus-indexed journals, combined with the cybercriminals' ability to effect a change of the journal link in Scopus to the fraudulent website, has helped perpetuate the problem of journal hijacking.The publication pressure should be viewed in the context of ongoing changes within the academic publishing industry and the trend toward open-access publishing (Abalkina, 2021b).to the UNESCO Science Report (UNESCO, 2021), cybercriminals profit from the open-access publishing model by exploiting the pressure on scientists to publish.Therefore, UNESCO (2021, p. 13) calls for: New types of funding arrangement between universities and publishers or funding agencies and publishers that are in a position to offer sustainable alternatives to either the 'author-pays' or 'readerpays' models.Many funders currently cover publication costs as part of research grants, with some funders now conditioning funding of a proposal on a commitment by the beneficiary to open access publishing and/or communication of their research results.
(UNESCO, 2021, p. 13) The lack of author awareness of journal hijacking also contributes to the high number of reported scams (Moussa, 2021).Human beings comprise the weakest link in cybersecurity (Aldawood & Skinner, 2018), and there is an urgent need for awareness and action to address the threats that hijacked journals pose to the integrity and credibility of contemporary scientific publishing (Dadkhah, Maliszewski, & Teixeira da Silva, 2016).Education and training are often mentioned as remedies (Dadkhah, Maliszewski, & Jazi, 2016), and authors of scientific publications should be able to detect the hijacked version of a journal.In fact, it is claimed that 'exposing hijacked journals is not possible without developing good information technology solutions and an educational plan' (Dadkhah et al., 2021, p. e61).
We recommend that information about journal hijacking and how to avoid it become part of all PhD programs.The information should be adapted to technological advances because scams are likely to become more sophisticated and difficult to detect.Artificial Intelligence (AI) detection tools will be needed to assist researchers in identifying hijacked journals.
F I G U R E 1 1 Fake Scandinavian Journal of Information article appearing in the UiO library catalogue.
In addition to publication pressures within academia and the lack of author awareness, we argue that the absence of an effective internet governance regime is a factor that contributes to the rise and persistence of journal hijacking, based on our experiences with the SJIS hijacking.We found it very difficult, not only to the implicated technology companies of the misuse of their platforms, but also to convince them to take corrective and timely actions in response to reported cybercrimes.For example, the only way to contact Gmail, PayPal, and Scopus is by email or online registration forms.Additionally, not all the companies responded to our complaints, and there are no obvious ways to escalate unresolved issues to higher levels of governance.Our inability to resolve the issue surrounding the Scopus link to the fraudulent website in a timely manner is an illustrative example.The fact that the presence of predatory and hijacked journals in Scopus had previously been documented by some researchers (e.g., Abalkina, 2023;Memisevic, 2018) underscores the persistence of the governance problem.The governance problem is partly attributable to the networked nature of the platforms, which makes it even more intractable due to rapid propagation.The platform stewards are often technology companies, which are non-academic organisations that lack research domain knowledge but are involved in citation tracking and analyses.However, the absence of an effective internet governance regime is not unique to journal hijacking but is illustrative of more general judicial and regulatory challenges.A report by the think tank Third Way (Eoyang et al., 2018) addresses the enforcement gap between malicious cyber incidents and enforcement actions.The enforcement rate for incidents reported to the aforementioned Internet Crime Complaint Center is estimated to be 0.3% (Eoyang et al., 2018).The conclusion is that cybercriminals operate with impunity.A joint report by Europol and Eurojust Public Information ( 2019) provides an overview of the common challenges in combating cybercrime from both law enforcement and judicial perspectives.Despite international and regional treaties on cybercrime (e.g., the Council of Europe's Convention on Cybercrime of 2001), differences among national legal frameworks present serious challenges to international criminal investigation and prosecution of cybercrime (United Nations Office on Drugs and Crime, 2023).These challenges persist in the absence of an international legal framework for efficient cross-border cooperation.Simply stated, the persistence of cybercrime, including predatory publishing practices such as those involved in journal hijacking, can be partly attributed to the absence of an effective international governance regime that should regulate internet behaviour.The lack of a legal basis for enforcement actions makes it difficult to stop hijacked journals from operating, which in turn leads to a whack-a-mole game with the criminals.In the SJIS hijacking case, this is illustrated by the criminals transferring the domain used to perpetrate their crime to another registrar when the AIS issued a complaint on behalf of SJIS.

| Potential solutions to the journal hijacking problem
As evidenced by the SJIS case, journal hijacking is a multifaceted and complex problem with serious consequences for authors and journals alike.The many negative implications of journal hijacking (in particular) and predatory publishing practices (in general) raise this question: How can the problem be combated?The Committee on Publication Ethics' (COPE Council, 2019) discussion document, Predatory Publishing, contains useful information on predatory publication practices.Abalkina (2021b) also provides useful recommendations for journals and advice for authors on how to avoid hijacked journals.
Based on our experiences with the SJIS hijacking, we suggest different response strategies, distinguishing between defensive and offensive types.On one hand, defensive strategies involve taking proactive steps to prevent journal hijacking and implementing remedial actions when authors have been victimised.On the other hand, offensive strategies entail responding reactively to journal hijacking by launching counterattacks to deter this type of cybercrime.In terms of defensive strategies, we must raise awareness by shining a light on this nascent threat.
Journal hijacking is a form of predatory publishing practice that is new to IS. Information about cybercrime, along with corrective and preventive measures, must be spread to all stakeholders.Some useful sources of information include Retraction Watch's (2023) Hijacked Journal Checker and Beall's (2023) list of hijacked journals-although the latter is incomplete and ceased operations in 2017 (Grudniewicz et al., 2019).AIS should assume a leadership role in the dissemination of information on predatory publishing practices, including journal hijacking, and update the Code of Research Conduct (AIS Research Conduct Committee, 2023) to repudiate any and all forms of predatory publication.We need a stick-and-carrot approach to solving the problem.Knowing that authors fall prey to scams unwittingly, AIS should also provide guidance and counselling to members who have been victimised in some way or another.Although it is both important and necessary to increase awareness, it is not a sufficient problem-solving strategy.A commentary in the journal Nature mentions that more than 90 checklists are available to help identify predatory journals (Grudniewicz et al., 2019).However, the problem not only persists but is increasing in the field of medical sciences (Nagarkar & Khole, 2023).There is no reason to believe that the IS research field will not experience similar developments.
The problem will likely increase as a consequence of publishers' change of their business models to open-access publishing.Instead of readers paying to access articles, authors are expected to pay for publication, which enlarges the market for cybercriminals.Paying for a publication is no longer a 'red flag' that warns of a scam.The problem is also likely to be exacerbated by emerging technologies such as ChatGPT and other AI-powered services that inadvertently support paper mills and the production of fake research results.Therefore, we need to consider additional defensive strategies.Some of the more novel suggestions found in the literature include auditing peer-review processes and banning publishers that harbour hijacked journals (Siler et al., 2021).For relevant distinctions among short-, mid-, and long-term solutions to journal hijacking, see Moussa (2021).Regarding the IS community, AIS has an important role to play in providing information resources.Special interest groups (SIGs), which are AIS communities with a shared interest in advancing specific areas of IS knowledge, are obvious stewards of these tasks-that is, blacklisting and whitelisting journals and other publications based on members' input.Another potential defensive strategy is for universities and university libraries to pressure Scopus and other platforms and databases to improve their information quality assurance practices to ensure that the information they provide is valid and trustworthy.
Security measures and procedures need to be instituted to prevent unwanted information changes and to promptly process information change requests.If they cannot respond-for example, to news of journal hijacking-in a timely and effective manner, they are at risk of becoming irrelevant or even part of the problem.Single universities or libraries may not have the power to influence the practices of these platforms and databases, let alone change them.
Therefore, we suggest the active involvement of global actors such as the International Association of Universities (https://www.iau-aiu.net)and the International Federation of Library Associations and Institutions (https://www.ifla.org),with member institutions from approximately 130 and 150 countries, respectively.Despite our negative experience with Scopus, we believe it is in the self-interest of the databases to tackle the problem in a more proactive manner, which will give some hope for the future.
However, we believe that even more forward-thinking solutions and offensive strategies are needed to combat the problem.In our opinion, it is time to take a page from the cybercriminals' playbook and use their own tools to reveal and disrupt their operations-to fight fire with fire.An analysis of the cybercrime ecosystem and strategies to combat it reveals 24 services in various cyberattack-as-a-service marketplaces (Huang et al., 2019).For example, it is easy to imagine how 'The Vulnerability Discovery as a Service', 'Exploit as a Service', and 'Payload as a Service' could be used to discover vulnerabilities within cybercriminals' systems and take advantage of them to launch an offensive campaign to take down the systems.It is a radical response strategy that is meant to be a deterrent against the hijacking of IS journals.The science journalist John Bohannon (2015) has shown the mechanisms behind journal hijacking, that is, by taking control of the internet domain of an academic contemporary art journal.The same mechanisms could be used to reverse-hijack a website that illegitimately pretends to be the official online presence of a

F
I G U R E 3 Legitimate and fraudulent Scandinavian Journal of Information Systems websites.F I G U R E 4 An article published on the fraudulent Scandinavian Journal of Information Systems website.

(
Marcaria.comDomain Account Manager, 21 February 2023)    The AIS was considering whether to report the fraudulent website through the Internet Crime Complaint Center (Federal Bureau of Investigation [FBI], 2023), which is an FBI agency that investigates cybercrime, but the AIS decided to wait and see if the content would be removed.The stolen SJIS content was subsequently removed (Figure1, 'Illegal content removed') from the fraudulent website, and the name of the website was changed to the Journal of Information Systems (JIS).The EiC of SJIS responded by informing the JIS editors of this change and F I G U R E 5 Scopus link to the fraudulent Scandinavian Journal of Information Systems website.
On 17 April 2023, another scam victim, a master's-level student from the University of Thi-Qar in Iraq, shared his suspicion that the acceptance letter he had received was fake (Figure1, 'Acceptance letter questioned').The ensuing correspondence revealed that he had paid US$375 in article processing charges (APCs) to a person in Iraq who forwarded the money to one or more conspirators in Jordan.A week later (24 April 2023), the EiC was contacted by an academic officer from Naresuan University in Thailand who had been unable to verify the authenticity of a publication submitted by a PhD student, which turned out to have been published by the fraudulent website F I G U R E 7 Fake Scandinavian Journal of Information Systems article with stolen identities.(Figure 1, 'Publication verification requested').The EiC sent e-mails to both the student and the academic officer to deliver the bad news.A screenshot of the e-mail from the academic officer is shown in Figure 9. On 19 June 2023, an author wrote the EiC: I regret to inform you that this fraudulent website has not only stolen my research article, but has also published it in their fabricated journal by manipulating the publication date.This alarming situation has caused significant harm to my intellectual property rights and academic reputation.I, unfortunately, fell victim to this deception due to the confirmation I received from Scopus several months ago, which verified the ISSN number associated with the fraudulent website.(Personal communication with the EiC of SJIS, 19 June 2023; see also Figure 1, 'IP theft reported') F I G U R E 8 Fake Scandinavian Journal of Information Systems articles on Google Scholar.
and our own inspection of author names on articles published on the fraudulent website.Furthermore, the EiC's correspondence with the victimised author confirmed this.She wrote in an e-mail: I am a research scholar, desperately searching for Scopus-indexed journals to publish my work.I need two publications in Scopus-indexed journals.Only then can I continue my research career.While searching the Scopus website, I came across your journal name.Unfortunately, the Scopus database has the fake website link under your journal's name.(Personal communication with the EiC of SJIS, 8 February 2023) We have been unable to identify effective solutions by reviewing the academic literature or seeking inspiration from major stakeholders, such as Clarivate (https://clarivate.com/blog/hijackedjournals-what-they-are-and-how-to-avoid-them)and Editage (https://www.editage.com/insights/what-you-needto-know-about-hijacked-journals).AIS acknowledges the gravity of the problem.The AIS vice president of publications has proposed to reconvene the publications committee to 'brainstorm for solutions to this elusive but persistent problem' (personal communication with the EiC of SJIS, 22 March 2023).
. Hijacked journals are likely to have very detached and transactional relationships with their victims, as the communication with the cybercriminals (Appendix B) shows.The lack of quality assurance and editorial support processes that presuppose more involved relationships between authors and legitimate journals (see, e.g.,Grudniewicz et al., 2019) is a clear warning signal.
Second, they should be cautious when payment of APCs is required for publication.One of the victims had to pay US$250, while another reported having paid US$375 to 'a person in Iraq who said that he deals with your magazine' (personal communication with the EiC of SJIS, 18 April 2023).This is consistent with Abalkina's (2021a) statement that hijacked journals 'exploit the open access model of publishing by charging a fee (article-processing charge)' (p.7124).However, APCs and similar fees are not evidence of scams themselves.The global trend toward open-