Oxford Temporarily Blocks Google Docs To Fight Phishing

← Back to Stories (view on slashdot.org)

Oxford Temporarily Blocks Google Docs To Fight Phishing

Posted by timothy on Tuesday February 19, 2013 @06:21AM from the you've-been-cloud dept.

netbuzz writes "Fed up with phishers using Google Forms to commandeer campus email accounts as spam engines, Oxford University recently blocked access to Google Docs for two-and-a-half hours in what it called an 'extreme action' designed to get the attention of both its users and Google. 'Seeing multiple such incidents the other afternoon tipped things over the edge,' Oxford explains in a blog post. 'We considered these to be exceptional circumstances and felt that the impact on legitimate University business by temporarily suspending access to Google Docs was outweighed by the risks to University business by not taking such action.' The move generated widespread complaints from those affected, as well as criticism from outside network professionals."

3 of 128 comments (clear)

Min score:

Reason:

Sort:

Report Abuse by RedACE7500 · 2013-02-19 06:27 · Score: 5, Informative

As an email system administrator for a Canadian university, we also see Google docs being increasingly used for phishing. We've also noticed Google's response to abuse reports has also improved considerably. If a few people submit an abuse report on a form, it will now usually get suspended in a matter of hours, where it used to take over a day. Unfortunately, those first few hours are the most critical when it comes to reacting to phishing.
1. Re:Report Abuse by bruce_the_loon · 2013-02-19 06:43 · Score: 5, Informative
  
  You got it at the end. They set up a form on Google Docs, make it look vaguely professional and mail my users pretending to be me.
  Most non-IT academics and just about all admin staff at my university seem to believe anything they have emailed. The phishers are relying on the IT administrators' reticence to block all of docs.google.com. If I see a specialized URL, I'll probably block the whole site, but killing all of Google Docs is a big decision. So they get a longer time of access than the specialized site would give them.
  Yes, they are stupud, yes they don't listen. No, I have no idea what to do beyond a name and shame campaign that my bosses don't like.
  
  --
  Trying to become famous by taking photos. Visit my homepage please.
Re:How is it used for phishing? by bruce_the_loon · 2013-02-19 06:52 · Score: 4, Informative

My university has been targetted too. They create a form on top of a spreadsheet, make it look legitimate because it can be customized and then email it around. http://www.gfi.com/blog/google-docs-phishing/
It gets past a lot of protection layers because Google Docs is trusted/whitelisted by most IPS filter lists.

--
Trying to become famous by taking photos. Visit my homepage please.