Protect yourself from phishing
Authors and publishers have increasingly become targets for sophisticated phishing scams. These scams may involve multiple layers of deception in order to gain access to your email account and/or Editorial Manager account. This information can then be used to obtain information about your manuscript and about PLOS workflows in order to generate realistic looking invoices for publication fees.
Here’s how you can protect yourself:
Set a secure password for your accounts
A unique password is recommended for each of your accounts and should be more than 18 characters long including both letters and numbers for security. Avoid using easily guessable information in your password, for example, your name, birthday, or common words. When available, always use multi-factor authentication to add another layer of protection to your account(s), especially email.
Scrutinize email contents and requested actions
Here are a few tips for spotting fake emails:
The email address or domain name doesn’t match trusted sources
Phishers often use domains that look similar to legitimate ones with subtle differences like spelling mistakes, initials, or hyphens. If you don’t recognize the sender's profile, take steps to verify the email address.
In many cases, phishers are able to replicate email addresses precisely, so this is not a foolproof method.
The email contains inconsistencies or typos
Always scrutinize the content of emails, check for spelling mistakes and unusual wording, and consider the action the email is asking you to take.
You receive an invoice before your manuscript has been accepted
PLOS will never ask for any form of payment before your article is formally accepted. Invoices are sent after you receive a Completed Accept email from PLOS. Be suspicious of messages demanding immediate payment to avoid manuscript rejection or missed publication deadlines.
Request for payment is “urgent”
Phishing attempts frequently create artificial urgency to prompt immediate action. PLOS provides a reasonable timeframe for authors to submit payment and ask questions.
If you receive an email from PLOS that looks suspicious, do not click any links or respond. Contact customercare@plos.org so we can verify it for you.
Payment is requested in a currency other than $ USD or asks you to share sensitive data
PLOS invoices always display publication fee amounts in $ USD. We will never send invoices listed in any other currency.
We will never request that you send credit card or personal banking information via email. We will never request payment in cash, cryptocurrency, or gift cards. Legitimate invoice payments can be made by credit card through our secure billing portal, by check mailed to our address, or through direct transfer to our Wells Fargo bank.
Avoid clicking log-in or payment links embedded in an email
Do not click on a payment portal, contact, or system login link provided in an email. Phishing attempts will embed these type of links leading to realistic-looking pages intended to capture your login information.
Instead, bookmark the links you need for our contact pages, Editorial Manager sign-in, and our secure billing portal through our website to return to when you need them.
FAQs
What should I do if I receive an email from PLOS that doesn’t look legitimate?
If you suspect an email you’ve received is a phishing attempt mimicking a PLOS email domain or in regards to your PLOS manuscript, contact customercare@plos.org to verify the information. Do not click any links or respond to the email.
Please note, we are unable to verify emails unrelated to PLOS or your manuscript. For other concerns, notify your institution’s administrator of suspected phishing attempts.
How can I verify my PLOS invoice is correct?
You can verify invoices from PLOS using our secure billing portal. Complete the form using the detail provided in the invoice then click “Next.” If you receive an error message that the invoice number is incorrect, contact customercare@plos.org to verify the invoice is legitimate.
Can PLOS help me recover funds paid for a false invoice?
We are unable to retrieve funds that you may have paid in error. Contact your institution or funder to find out what course of action is available to you.
PLOS will not waive publication fees if you have made a payment to a third party by mistake.