Unmasking Identity Theft in AI Conference Peer Review

TLDR: A new research paper reveals widespread identity theft in AI conference peer review, where dishonest researchers create fake reviewer profiles using legitimate identities but controlled emails to manipulate paper evaluations. The study, based on investigations by OpenReview.net, found 94 such cases, often exploiting university email alias systems. The paper details the methods used by fraudsters and proposes several mitigating strategies for peer-review platforms and universities, emphasizing the need for stronger identity verification and vigilance across academic systems.

The world of academic peer review, especially within the rapidly expanding field of Artificial Intelligence (AI), is built on a foundation of trust. However, a recent investigation has uncovered a significant vulnerability: identity theft. This issue, detailed in a new research paper, highlights how dishonest individuals are exploiting the system to manipulate paper evaluations, with broader implications for other academic procedures.

The peer-review process is crucial for scientific integrity, relying on experts to voluntarily assess research papers. With the explosion of interest in AI, conferences now receive thousands of submissions and require equally large pools of reviewers. This demand has led to open calls for reviewers, often through online forms where researchers provide their details, affiliations, and publication history. Unfortunately, this system, while efficient, has proven susceptible to fraud.

The investigation, conducted by OpenReview.net staff between February and April 2024, and again in April 2025, identified 94 fake reviewer profiles. The modus operandi of dishonest researchers typically involves several steps:

How Identity Theft Occurs in Peer Review

• If online forms are used for recruitment, a dishonest researcher submits the form using another researcher’s identity, including their legitimate affiliations and publication history. Crucially, they provide an email address they control.
• If recruitment is via profiles on review platforms, the dishonest researcher creates a profile with someone else’s affiliation and publication history.
• Program chairs, based on the supplied (fraudulent) information, deem the reviewer eligible.
• Once embedded in the system, the dishonest researcher, under this false identity, attempts to get assigned to review papers authored by their true identity. This can be done by expressing interest during the bidding process or by subtly tuning the fake reviewer profile or their own paper’s text to increase perceived suitability.
• Finally, as the reviewer under the false identity, they provide favorable reviews to their own papers.

The paper also notes instances where researchers create multiple fake profiles to increase their chances of success, or engage in collusion rings to mutually favor each other’s work.

Challenges in Verification

A significant challenge lies in verifying reviewer identities. Platforms like ORCID, which provide researcher IDs, do not verify personal identities or prevent duplicates. Even the seemingly robust measure of requiring institutional email addresses has been exploited. In 92 of the 94 identified cases, the fake profiles used email addresses from reputable universities, which were ’round-trip-verified’ (meaning OpenReview sent a verification email and the holder confirmed control). This was often achieved by leveraging the common practice of universities allowing members to create email aliases, enabling a dishonest researcher to create an alias resembling a legitimate person at that institution.

Furthermore, many conferences automatically import reviewer lists from previous years, creating a vulnerability where undetected impersonators could be perpetually invited to review future editions.

Also Read:

• Study Reveals Significant AI-Generated Content in Computer Science Academia
• Conversational Manipulation: A New Threat to AI Alignment

Proposed Safeguards and Recommendations

To combat this fraud, the research paper proposes several strategies for program chairs, editors, and peer-review management platforms:

• Publication Verification: Verify that a reviewer’s claimed prior publications were submitted through the same email address or account on the same peer-review platform.
• Digital Identifiers: Require reviewers to log in through persistent digital identifier systems like ORCID (or verified author profiles from ACM/IEEE) to match claimed IDs with publication history.
• Vouching Protocols: For new reviewers without prior publication history on the system, implement carefully designed vouching protocols, similar to arXiv, where new authors are vouched for by established researchers.
• Scrutinize New Profiles: Pay close attention to reviewer profiles created shortly before conference deadlines.
• Community Oversight: Leverage the public visibility of researcher profiles on many platforms to allow the broader scientific community to identify potential issues.
• Anti-Fraud Techniques: Consider traditional anti-fraud measures like IP addresses or browser fingerprints.
• Strong Deduplication: Platforms should implement robust, regularly enforced deduplication methods to prevent individuals from creating multiple profiles.
• Robust Assignment Processes: Make reviewer-paper assignment processes more resistant to manipulation.

The paper also offers recommendations for universities and organizations with email domains, urging them to implement stricter monitoring of alias email accounts, allow third-party verification of email ownership, and conduct thorough investigations when identity theft is reported.

The findings underscore that these vulnerabilities extend beyond peer review, potentially affecting other critical academic processes like university admissions, internships, and fellowships, which rely on recommendation letters and contact information. The misuse of email aliases for impersonation could also be exploited for phishing or other forms of deception. This research serves as a crucial alert to the academic community, emphasizing the need for heightened vigilance and transparent discourse to safeguard the integrity of scientific processes. For more details, you can read the full paper here.