Introduction
The challenges of questionable journals are widely discussed in the literature, particularly in the context of medicine (Cukier et al., 2020; Hegedűs et al., 2024; Soriano & Ruano‑Ravina, 2025). One of the clear types of questionable journals is called hijacked journals, which is a kind of cyber scam (Trapp, 2020). Hijacked journals can be considered a form of fake website for a legitimate journal; this is why hijacked journals are sometimes referred to as a phishing scam (Dadkhah et al., 2015). In other words, cybercriminals (whom we also refer to as hijackers) are looking for indexed journals whose websites and original URLs are not accessible through the citation base, or whose original URLs are difficult to find. Non‑English or print‑only journals are particularly vulnerable to hijacking. Such characteristics make them prime targets (Jalalian & Dadkhah, 2015). They will then develop a fake website by mimicking the legitimate journal, using the exact ISSN and title of the legitimate journal. Then they promote their fake website(s) as the legitimate journal website (Dadkhah et al., 2015; Jalalian & Dadkhah, 2015; Moussa, 2021b). They usually direct the potential victim authors to their hijacked journals by sending a call for papers email (Jalalian & Mahboobi, 2014; Moussa, 2021b; Müller & Sæbø, 2024). As this is a scam, it is clear that there will be no peer review, and the authors’ manuscripts will be published by charging them (Hegedűs et al., 2024; Moussa, 2021b). At first glance, this academic scam appears to squander research budgets and discoveries in a simple manner. However, a more significant issue is that hijacked journals are sometimes incorrectly indexed in major databases, replacing legitimate ones (Abalkina, 2024; Bohannon, 2015; Müller & Sæbø, 2024). Studies also indicate that papers published in hijacked journals receive citations, risking the propagation of non‑peer‑reviewed science into the literature. This, in turn, can severely compromise the integrity of science (Dadkhah et al., 2023; Moussa, 2021a). These hijacked journals can also threaten sustainable development goals (SDGs) as they publish papers that are also aligned with SDGs, negatively influence the SDGs ranking of institutes and disseminate misleading information (Hegedűs et al., 2024).
Hijacked journals can be found by using specific criteria, methods or blocklists to find previously detected hijacked journals (Abid & Yousif, 2022; Asadi et al., 2017; Hegedűs et al., 2024; Jalalian & Dadkhah, 2015; Jalalian & Mahboobi, 2014). However, the methods and criteria are generally only available to information technology‑savvy researchers (Dadkhah et al., 2024). Given the challenges posed by hijacked journals, implementing blocklists emerges as the most viable solution to provide access to a list of previously detected hijacked journals by technology‑savvy researchers or experts in this area. Initially, as these questionable journals began to appear, academic papers and blogs served as primary platforms for listing detected hijacked journals (Jalalian & Dadkhah, 2015). However, with the increasing proliferation of hijacked journals, a crowdsourcing approach became essential for maintaining an updated and comprehensive list. This led to the development of initiatives such as the Retraction Watch Hijacked Journal Checker (RWHJC) (Retraction Watch, n.d.). The RWHJC provides researchers with a valuable tool to verify a journal’s legitimacy before submission and to report newly identified hijacked journals (Holly, 2022; Retraction Watch, n.d.). Despite its utility, the RWHJC’s effectiveness is contingent upon the researcher’s ability to detect and submit it. Consequently, any methodology that can aid in identifying currently undetected hijacked journals would significantly enhance the comprehensiveness and utility of such blocklists.
The network of hijacked journals
The studies sometimes suggest that a group of hijackers is behind some journals, or there may be an organized effort to hijack a set of journals (Abalkina, 2021; Dadkhah et al., 2024). They launch multiple hijacked journals within a short period to boost their revenue generation across various fields. The analysis of registrars and server locations of some hijacked journals’ websites also helped to find some of the existing but undetected hijacked journals (Dadkhah et al., 2024). Analysing the content of various hijacked journals and comparing their material revealed an interconnected network of these fraudulent publications. This cross‑content examination facilitated the discovery of relationships among them (Abalkina, 2021). The visual and structural resemblances observed among specific hijacked journals strongly indicates their inclusion in larger networks. To expedite the creation of a new hijacked journal, hijackers often replicate the design and content from their existing or previously hijacked journals, thereby accelerating the website development process. By thoroughly analysing one member of such a network, researchers can potentially identify other affiliated journals. If there were previously undetected hijacked journals in the list of members, adding them to the blocklist will help to eliminate more authors becoming victims.
Linkage analysis of hijacked medical journals
There are two distinct approaches to detecting hijacked journals. The first approach involves assessing individual journals to determine whether they are legitimate or hijacked. This is the most common scenario for researchers who want to verify the authenticity of a journal before submitting their manuscript. Such journals may come to their attention through calls for papers, recommendations from colleagues or internet searches. Most existing methods are designed to help distinguish between legitimate journals and their hijacked versions in these situations (Abid & Yousif, 2022; Asadi et al., 2017; Holly, 2022). The second approach is more proactive: experts attempt to identify additional hijacked journals to expand existing watchlists and prevent future victims from being affected (Abalkina, 2021; Dadkhah et al., 2024). This bulk detection approach aims to provide input for the first approach by identifying potentially hijacked journals. For instance, researchers might analyze large volumes of call‑for‑papers emails to detect suspicious journals, which are then individually verified using the first approach.
As discussed in the previous section, only a limited number of studies have addressed this second approach. These studies often focus on uncovering networks of hijacked journals by analysing web servers, archives or patterns among journals that mimic each other and may be operated by the same hijacker or group (Abalkina, 2021; Dadkhah et al., 2024). This commentary focuses on the second approach and presents a methodology for bulk detection of hijacked journals, expanding existing blocklists. Figure 1 illustrates the method of the current study.
Figure 1.
Methodology of identifying undetected hijacked journals in medical science by linkage analysis
Source: authors
Any website can be cited by another website when its URL is mentioned. In the context of web analysis for a specific domain, websites possess two primary types of links: inbound and outbound. Inbound links point to a particular domain, while outbound links refer to domains that a website mentions (F. Khan & Sponder, 2017). We used the list of known hijacked medical journals in previous studies (Hegedűs et al., 2024; Retraction Watch, n.d.). Only six hijacked journals were active out of 21 (23 July 2025). Our analysis of detected hijacked journals reveals a consistent pattern: they typically have more inbound links than outbound links. These inbound links often originate from websites and publications that identify the hijacked journals as questionable or fraudulent. However, some inbound links may also come from academic institutions or authors’ profiles that inadvertently published work in these hijacked journals. The number of outbound links for detected hijacked journals is notably limited. Our analysis of outbound link data, extracted using Semrush – an online platform for website visibility assessment (Nanda et al., 2021; Wackerbarth et al., 2021) – from previously identified hijacked medical journals, led to a significant discovery. We successfully uncovered four journals that share attributes of previously detected hijacked journals, which are themselves suspect. Table 1 provides a comprehensive list of these newly identified hijacked journals.
Table 1
Newly identified suspected hijacked journals and their associated known hijacked journals (NA means that there is no data for that journal)
To identify the legitimate URL for each journal, we utilized Ulrichsweb (Ulrichsweb, 2025), a comprehensive database providing bibliographic information on academic journals and some criteria that were presented in previous studies (Asadi et al., 2017; Björk & Solomon, 2012; Dadkhah et al., 2015; Hegedűs et al., 2024). Most of the URLs retrieved from Ulrichsweb for the mentioned journals were either inactive or made it difficult to locate the legitimate journal’s homepage (authors should exercise caution and reverify any URLs obtained from Ulrichsweb, as hijackers may register expired journal domains or link them to hijacked journals, though we are not aware of any such cases specifically involving Ulrichsweb). We also consulted SCImago (SCImago, 2025) to ascertain the legitimate version’s quartile ranking for each hijacked journal. On July 23, 2025, we utilized the Retraction Watch Hijacked Journal Checker (RWHJC) to verify whether the identified hijacked journals, selected from a group of six medical journals, had been previously detected. Our linkage analysis of these six active hijacked medical journals led to the discovery of four previously unidentified suspected hijacked journals. To provide a complete network representation, we further analysed the outbound links of all journals listed in Table 1. Figure 2 visually illustrates the interrelationships among these hijacked journals.
Figure 2
The network of hijacked journals. (Red nodes represent newly suspected hijacked journals; yellow nodes indicate previously identified ones. Nodes without edges have been removed)
Source: authors
Discussion
The results indicate that linkage analysis of hijacked journals serves as an effective method for identifying previously undetected instances. These interconnected networks arise from hijackers’ deliberate efforts to target diverse researcher populations across various fields by establishing multiple hijacked journals. Although hijacked journals frequently disregard the genuine aims and scope of the original publications, they may, paradoxically, maintain a semblance of adherence to these guidelines to bolster their perceived legitimacy and avoid detection. Our focused analysis of six hijacked journals specifically led to the discovery of four new suspected ones. This finding underscores the importance of a comprehensive examination of the entire repository of detected hijacked journals, such as those maintained by the RWHJC, which may lead to expanding the known blocklist and consequently mitigating the associated academic harm.
A network of hijacked journals provides parallel channels through which hijackers can strategically target researchers in various disciplines and amplify their illicit revenue generation by imposing publication fees on victim authors. This interconnectedness is often revealed through outbound links within these fraudulent journals. Hijackers may intentionally embed links to other journals within their network to redirect researchers from diverse fields to platforms tailored to their target audience. Conversely, and perhaps more commonly, such links may appear unintentionally due to the mass‑production methodologies employed. To expedite the creation process and minimize overheads, hijackers frequently replicate shared structural elements and templates across their various hijacked journals. Consequently, analysing outbound links can reveal potential affiliations that point to suspected hijacked journals within the broader network.
Conclusion
This research aims to describe the application of linkage analysis to previously identified hijacked journals, thereby expanding the list of detected hijacked journals and reducing the number of victims. As there may be a hijacker or group of hijackers behind some hijacked journals, interlinking between hijacked journals can help to identify previously undetected members of a network of hijacked journals. By using this approach, four new possibly hijacked journals were detected through the analysis of six previously known hijacked journals. The current study focuses only on the analysis of outbound links; however, the analysis of inbound links can also be used and tested to understand their potential in identifying hijacked journals. The analysis of inbound links, as they originate from various sources (e.g. publications, blogs and victim authors), can help create a profile of such journals and potential victims who have uploaded their published papers from hijacked journals to their academic profiles. This could be a topic for future research.
Acknowledgements
The authors would like to thank the Flagship Research Groups Programme of the Hungarian University of Agriculture and Life Sciences (MATE).
AI Usage
AI technologies (Gemini 2.5 flash and Grammarly) were utilized to increase readability in some sections of the text. The additional conceivable applications of AI tools have been stated in the method section. The AI has been used to improve readability and fluency not writing from scratch.
Funding Statement
This work was supported by the Flagship Research Groups Programme of the Hungarian University of Agriculture and Life Sciences (MATE).
Abbreviations and Acronyms
A list of the abbreviations and acronyms used in this and other Insights articles can be accessed here – click on the following URL and then select the ‘full list of industry A&As’ link: http://www.uksg.org/publications#aa.
Competing Interests
The authors have declared no competing interests.