Oxford Temporarily Blocks Google Docs To Fight Phishing

netbuzz writes "Fed up with phishers using Google Forms to commandeer campus email accounts as spam engines, Oxford University recently blocked access to Google Docs for two-and-a-half hours in what it called an 'extreme action' designed to get the attention of both its users and Google. 'Seeing multiple such incidents the other afternoon tipped things over the edge,' Oxford explains in a blog post. 'We considered these to be exceptional circumstances and felt that the impact on legitimate University business by temporarily suspending access to Google Docs was outweighed by the risks to University business by not taking such action.' The move generated widespread complaints from those affected, as well as criticism from outside network professionals."

Report Abuse

[RedACE7500]

As an email system administrator for a Canadian university, we also see Google docs being increasingly used for phishing. We've also noticed Google's response to abuse reports has also improved considerably. If a few people submit an abuse report on a form, it will now usually get suspended in a matter of hours, where it used to take over a day. Unfortunately, those first few hours are the most critical when it comes to reacting to phishing.

Re:Report Abuse

[bruce_the_loon]

You got it at the end. They set up a form on Google Docs, make it look vaguely professional and mail my users pretending to be me.

Most non-IT academics and just about all admin staff at my university seem to believe anything they have emailed. The phishers are relying on the IT administrators' reticence to block all of docs.google.com. If I see a specialized URL, I'll probably block the whole site, but killing all of Google Docs is a big decision. So they get a longer time of access than the specialized site would give them.

Yes, they are stupud, yes they don't listen. No, I have no idea what to do beyond a name and shame campaign that my bosses don't like.