Authors, Ethics, Peer Review, Research, Social Role, Technology, Tools

Editorial Spoofing in the Age of Electronic Peer-Review

Mariachi Spoof - Blanco

Mariachi Spoof – Blanco (Photo credit: Larry1732)

Yesterday, our friends at Retraction Watch broke a story about Elsevier’s peer review systems being spoofed, leading to at least 11 retractions thus far. It appears that one or more people, yet to be identified, were able to become reviewers in the system using someone else’s name and a fake email address in order to give positive reviews to papers.

In the past few years, other journals from other publishers have also been spoofed. This is not just a problem for Elsevier.

There seems to be at least two ways to spoof your way into an editorial system:

  • Offer a bogus identity as a potential reviewer on your papers, so that you can secretly become your own peer-reviewer
  • Pose as a well-known new reviewer, but give a bogus email address, so you can do reviews under that person’s name, even if you don’t end up reviewing your own paper; chances are, by identifying areas of expertise, a spoofer would be in a position to review friends’ or competitors’ papers, skewing publication one way or another

As ORCID rolls out, it has the potential to also cut down on this type of fraud. In creating an ORCID record, you have to put in your email address. Integrating this into manuscript submission and tracking systems seems like a good way to prevent one or both of these tactics (although, creating a bogus ORCID record is certainly a possible work-around).

However, I always like to isolate the effects of technology by recalling what the system was like before the technology. In this case, when peer-review required paper, postage, and a physical mailing location, spoofing like this would have been much more expensive and difficult to undertake. Now, with email addresses easily obtained, cut-and-paste making plausible reviews possible in much less time, and no expense other than time, spoofing is a practical fraud.

At a meeting last week of thought-leaders in scientific publishing technologies, one of the themes was how editorial offices aren’t being served as well as they could be by technology solutions. This is perhaps one area to explore. After all, if intrusions into the peer-review process are occurring, we should build some alarms and defenses for our editors and reviewers.

Enhanced by Zemanta

About Kent Anderson

I am the Founder of Caldera Publishing Solutions, a consultancy specializing in informed growth and smart strategy for academic, scientific, and scholarly publishers. I have worked as Publisher at AAAS/Science, CEO/Publisher of the STRIATUS/JBJS, Inc., a publishing executive at the New England Journal of Medicine, and Director of Medical Journals at the American Academy of Pediatrics. Opinions on social media or blogs are my own.


15 thoughts on “Editorial Spoofing in the Age of Electronic Peer-Review

  1. Some times it seems nothing changes. Years ago I got to know some of the people who worked on the US medical license exams. It was really interesting to get a few beers in them and talking about the cheating scams people tried. Some of them were just amazing. If they put half the energy and creativity into just trying to pass the exam, they probably do just fine. As it is, if caught and I expect most were but who knows, they guaranteed they would never ever be a physician in the US.

    Posted by David Solomon | Dec 12, 2012, 6:58 am
  2. Yes, technology has enabled more cheating, but whatever happened to good editorial practice? What editor worth his or her salt sends a paper out to a reviewer whom they haven’t independently verified as being a decent choice? (or indeed an existent person?) A bad workman blames his tools…

    Posted by Zoe M | Dec 12, 2012, 11:01 am
  3. Maybe journals should make having an ORCID record or ResearcherID a required field when creating a reviewer account? This would at least allow editors to check the publication record associated with that ID, and would also greatly increase the uptake of these identifiers.

    As an aside, near universal use of ORCID would make studying the peer review process so much easier, as one could then accurately track the same person across multiple journals.

    Posted by Tim Vines | Dec 12, 2012, 1:10 pm
  4. We’ve elaborated on this incident in Elsevier Connect . Includes a link back, good point on ORCID Kent.

    Posted by Tom Reller | Dec 12, 2012, 5:17 pm
    • Thanks, Tom. I guess I need to add a third way to spoof a review — steal the username/password information for someone, then pose as them.

      What is wrong with people?!

      Posted by Kent Anderson | Dec 12, 2012, 5:48 pm
  5. While I am a big fan of ORCID, I still do not think ORCID will address this problem as ORCID can still be a victim of identity theft. Until two forms of ID are required (e-mail + credit validation of a nominal amount or e-mail + cell phone # that requires delivery and re-keying of a SMS sent PIN, etc.) identity theft will still be possible… it will just be further back at the ORCID stage vs. the submission system.

    In general, ethics needs to be taught at an early age and often…

    Posted by Joel Plotkin | Dec 12, 2012, 9:58 pm
    • Of course, you’re right, especially as the technique used (identity theft) became clear. Technologies aren’t the solution to ethics. They usually just reflect or enable them.

      Posted by Kent Anderson | Dec 12, 2012, 11:18 pm
  6. A number of these cases have been reported this year. They’ve come from different publishers and different journals, and in some cases have involved large numbers of papers, e.g. the 28 from Hyung-In Moon retracted because the peer-review process “was found to have been compromised and inappropriately influenced by the corresponding author” .

    This is shocking. My concern is that there may be many more cases – how many of the authors who have been getting away with this sort of behaviour have told their colleagues about an easy way they’ve found to get published? Every case that comes to light damages confidence in journals and peer review. Some cases are due to genuine security breaches, but in others publishers/journals have admitted that their processes weren’t rigorous enough. Looking at the cases, some must have lacked even basic reviewer checks before sending out manuscripts. There is no excuse for this. All journals should have rigorous checking procedures in place, good (and regular) database housekeeping (e.g. for duplicate accounts), reviewer report checking, and training of new editors, associate editors and editorial staff. I know from experience that this too often doesn’t happen.

    ORCID – which is being integrated into manuscript submission workflows – is a great potential tool in reviewer identity validation. Is the functionality in place, if not, how long until it is?

    Posted by Irene Hames | Dec 13, 2012, 8:20 am
    • Oh in an ideal world. I have four editorial coordinators for 33 journals and that ain’t changing anytime soon. We don’t pay our editors anything and they typically see double-digit percent increases in submissions every year. We have literally almost 1000 associate editors and editorial board members responsible for oversight of review. Some are good, some are not. Our turn-around time is not competitive and the entire process is being compressed out of sheer necessity. So yes, it would be wonderful to not have any duplicate accounts in our databases (we have 33 separate ones to work with) amoung our tens of thousands of reviewers. It would be awesome to have staff review each reviewer picked and make sure nothing is fishy. It would be great if the EIC could read all the papers. It would also be nice if ORCID had a way to prevent duplicate accounts via an email check but I understand that it not coming until phase 2. Until then, I see no point in insisting on it, though I support the mission. It would be wonderful if society journal publishers could focus on advancing the professions and the science and publishing the best content out there without having to worry all time and react all the time to people lying and cheating the system while others tell us we aren’t doing enough, we aren’t doing it fast enough, and we should be better. Good Lord if Elsevier can’t do it better than I am sunk.

      Posted by Angela | Dec 13, 2012, 11:52 am
  7. My invented reviewer alias is regularly invited to review, presumably by careless administrators who do not take the time to at least google a potential reviewer to see if they exist. I think that to some extent this shows the conveyor belt nature of publishing. I know that’s not at the core of the above, but I find it surprising that there doesn’t seem to be too much concern about how little concern there is with reviewer quality at times..

    (A couple of years ago, I was asked to compare different journals’ submissions sites, so I created accounts for myself under a nonsense alias. This wasn’t malicious. A lot of these sites force you to pick your area of expertise as well, with n/a not being a an option. I’m still baffled by how often these requests come in.)

    Posted by Anna King | Dec 18, 2012, 1:30 pm


  1. Pingback: Elsevier Editorial System Hacked, Reviews Faked, 11 Retractions Follow | LJ INFOdocket - Dec 12, 2012

  2. Pingback: Faking peer reviews | Elsevier Connect - Dec 12, 2012

  3. Pingback: Faking Peer Reviews - Editors' Update - Your network for knowledge - Editors' Update – Your network for knowledge - Dec 13, 2012

  4. Pingback: Was Elsevier’s peer review system hacked to get more citations? « Retraction Watch - Dec 18, 2012

The Scholarly Kitchen on Twitter

Find Posts by Category

Find Posts by Date

December 2012
« Nov   Jan »
The mission of the Society for Scholarly Publishing (SSP) is "[t]o advance scholarly publishing and communication, and the professional development of its members through education, collaboration, and networking." SSP established The Scholarly Kitchen blog in February 2008 to keep SSP members and interested parties aware of new developments in publishing.
The Scholarly Kitchen is a moderated and independent blog. Opinions on The Scholarly Kitchen are those of the authors. They are not necessarily those held by the Society for Scholarly Publishing nor by their respective employers.

Get every new post delivered to your Inbox.

Join 20,263 other followers

%d bloggers like this: