Forgot your password?
typodupeerror
Google Security Technology

Oxford Temporarily Blocks Google Docs To Fight Phishing 128

Posted by timothy
from the you've-been-cloud dept.
netbuzz writes "Fed up with phishers using Google Forms to commandeer campus email accounts as spam engines, Oxford University recently blocked access to Google Docs for two-and-a-half hours in what it called an 'extreme action' designed to get the attention of both its users and Google. 'Seeing multiple such incidents the other afternoon tipped things over the edge,' Oxford explains in a blog post. 'We considered these to be exceptional circumstances and felt that the impact on legitimate University business by temporarily suspending access to Google Docs was outweighed by the risks to University business by not taking such action.' The move generated widespread complaints from those affected, as well as criticism from outside network professionals."
This discussion has been archived. No new comments can be posted.

Oxford Temporarily Blocks Google Docs To Fight Phishing

Comments Filter:
  • by SSpade (549608) on Tuesday February 19, 2013 @02:28PM (#42946773) Homepage

    Google docs is massively abused for phishing, and there doesn't seem to be much action by Google to prevent that.

    If Google paid more attention to preventing or mitigating abuse using their network, or even paid active attention to reports of abuse, people wouldn't have to resort to blocking them.

  • Really? (Score:5, Insightful)

    by Mullen (14656) on Tuesday February 19, 2013 @02:55PM (#42946969)

    I am really just shocked at how stupid people are to fill out a form on Google Docs with their passwords and username. I always recommend that people who fall for really obvious phishing attacks be fired but in this case, you can't fire students.

  • Re:Report Abuse (Score:4, Insightful)

    by Archangel Michael (180766) on Tuesday February 19, 2013 @03:57PM (#42947587) Journal

    Or they will come up with a new password Scheme that is completely insecure.

    Old Password: password
    New Password: password19 (todays date)

    Tomorrow ....

    Old Password: password19
    New Password: password20

    that way, I can have 28-31 different passwords every month, without having to remember any one in particular.

  • Re:"The Tool" (Score:4, Insightful)

    by hawguy (1600213) on Tuesday February 19, 2013 @05:03PM (#42948397)

    You mean the university email system that delivers the malicious email?

    I have a crazy idea, tell users not to give personal information out by email. It's that simple.

    NEVER give out personal information by email.

    The university doesn't control all avenues of email delivery - some people use Yahoo, MSN, and other providers so even if they had a perfect phishing filter, some would still slip through other avenues.

    After you've worked in an IT help desk for a while, you'd learn that there is no way to get people to follow a simple "Don't do this because it's unsafe" policy (for one thing, the list of unsafe behaviors is longer than anyone can remember). Try telling your boss (or a tenured professor) "You're an idiot! We told you not to give out personal information on links clicked from an email", and he'll say "But look, this website has our university seal on it, and it said it was from the IT department so I thought it was safe".

Truly simple systems... require infinite testing. -- Norman Augustine

Working...