One of the things I most dislike about editing is the need to check author references. Aside from the mishmash manner in which the references are provided (e.g., it is not unusual to find two journal cites, one following the other, in completely different formats), I find that I am becoming increasingly angry at having to check URLs.
The Internet Age has brought many positive things to our world, but one negative is that authors increasingly cite URLs as a reference. Aside from the transience of URLs, they present a hazard to the editor who has to verify them.
Checking URLs has become expensive for me. Why? Because the links provided have become dangerous.
Twice in the last 3 months, I have inadvertently (i.e., unknown to me) downloaded ransomware (malware) to my computer as a result of clicking an author’s reference URL cite. Each of those incidents cost me several hundred dollars to remedy. In addition, my antivirus/antimalware software has protected me against another half dozen potential threats.
I’m not so angry about the threats against which I was protected by my antivirus software as I am about the ransomware ones that cost me money to cure. Fortunately, I have a local computer expert (the person who built and maintains my computers) who is willing to put me at the top of the list when I have a problem. Of course, it also means I pay for the service — and clients are unwilling to reimburse that expense.
What happened is that I clicked on a URL, found it was not good, and then moments later found that I could not access my computer’s primary screen — instead, I was faced with a demand for $300 to unlock my computer. Apparently, this is a regular scam. Sometimes the demand is labeled as coming from the FBI, sometimes it is from Homeland Security. According to my computer expert, if you pay the $300, you get a code to “unlock” the screen but then, sometime down the road, it locks up again and another demand for payment is made.
At least this bit of malware is less vicious than it could be. It only blocks access to the screen; it doesn’t attack data files.
I would be less angry about this if I thought the authors even cared a little bit, but considering that 75% of the URLs cited in the reference list in the latest project were either invalid (the URLs returned “Error 404: File Not Found” errors) or took me to clearly irrelevant sites, I have little faith in the idea that the author cares that at least one of the listed cites caused major problems for me — and would do the same for the reader who decided to check the cite.
We all know that the Internet can be a dangerous place. For the young, it is a source of never-ending bullying; for the elderly, it is a way to lose life savings; and for editors who have to check the validity of a cited URL, it is a way to infect one’s computer and suffer financial loss.
I am also mad at myself for getting caught by this malware twice. I am very careful about how I use the Internet and I make sure that I use up-to-date protection software. I even use the “pro” versions so that I get hourly updates. I also avoid likely troublesome sites. And for years I never suffered an invasion of malware.
Getting caught twice in 3 months is making me wonder what else I can do. It is hard to avoid the risk exposure when I have to check URLs as part of my job. And there is no way to know (at least not that I am aware of) in advance that a particular URL is going to make me wish I was retiring.
One colleague suggested that I simply not check URLs. Unfortunately, I cannot see an ethical way to do that. Instead, I am thinking of adding a clause to my “contract” that basically says, “client warrants that all URLs cited in the manuscript are virus- and malware-free. In the event that verifying a cited URL causes a virus or malware attack on my computer and/or network, client agrees to pay the cost of expert removal plus for my lost work time.”
I suspect that few clients would be willing to accept such a clause, especially if the client is a publisher or service provider rather than the author. But I need to do something, and the additional clause seems the best option at the moment. It would at least make my client aware of the potential for the problem.
For those of you who are interested in seeing what this particular virus is about, here is a link to Yoo Security. Should you get the virus, getting rid of it is a problem because you can’t easily access your desktop and rebooting doesn’t get around the problem. I suggest that you go now to your antivirus software’s website and search for ransomware under Support. There should be an article that tells you the steps you need to take to rid your computer of this malware. Print it and save it. Even if you can’t do it yourself, it may save you some money when you have someone else do the fix.
Have you experienced virus or malware attacks from client files? How did you deal with it?