A survey by OpenReview.net, a platform that manages peer reviews for papers presented at scientific conferences, has shown that fraudsters are using increasingly sophisticated tricks to impersonate reputable researchers and deceive journal editors. The study, posted on the preprint server ArXiv, examined the profiles of thousands of scientific article reviewers who registered between 2024 and 2025 to evaluate papers on artificial intelligence. In 94 cases, the profiles belonged to fraudsters using false identities.

What was surprising is that these impostors managed to bypass what was thought to be a secure form of defense: they were using email addresses linked to real scientific institutions. Editors often check the domain of email accounts as a way of preventing dishonesty in the peer-review process. When the email address belongs to a well-known research institution or university, the chances of fraud are considered remote. Private email domains, on the other hand, are seen as more vulnerable.

The scheme requires some degree of internal complicity within the institution. The fraudsters used secondary email accounts that received messages forwarded from different email addresses and are often adopted by users to centralize and organize personal and professional correspondence. For the ruse to work, someone inside the university or research institute needs to create an email address in the name of a researcher and register a secondary account to receive all their emails. The person controlling the secondary account then uses it to create fake reviewer profiles on journal websites, allowing them to receive and evaluate manuscripts submitted by themselves or others who are in on the scheme. Journals with flawed or negligent peer-review processes are more susceptible to such manipulation. “Impersonating someone else using an institutional email address adds another layer of challenge in the detection of bad actors,” lead author Nihar B. Shah, a computer scientist at Carnegie Mellon University and OpenReview board member, told Retraction Watch.

The study proposes additional preventive measures, such as verifying that email addresses provided by reviewers match the ones they use when publishing their own work and making journal reviewer registries public so that the scientific community can help monitor suspicious activity.

Republish

This article may be republished online under the CC-BY-NC-ND Creative Commons license. The Pesquisa FAPESP Digital Content Republishing Policy, specified here, must be followed. In summary, the text must not be edited and the author(s) and source (Pesquisa FAPESP) must be credited. Using the HTML button will ensure that these standards are followed. If reproducing only the text, please consult the Digital Republishing Policy.

Text HTML<br><p>This work first appeared on <a href='https://revistapesquisa.fapesp.br/'>Pesquisa FAPESP</a> under a <a href='https://creativecommons.org/licenses/by-nd/4.0/'>CC-BY-NC-ND 4.0 license</a>. Read the <a href='https://revistapesquisa.fapesp.br/en/identity-theft/' target='_blank'>original here</a>.</p><script>var img = new Image(); img.src='https://revistapesquisa.fapesp.br/republicacao_frame?id=576951&referer=' + window.location.href;</script>This work first appeared on Pesquisa FAPESP under a CC-BY-NC-ND 4.0 license. Read the original here.Copy code