Oxford Google Docs Phishing

Oxford University’s problems with phishing came to a head this week as the university’s network security team temporarily blocked access to Google Docs in an attempt to stop spammers from comprising email addresses on its trusted system.

The action against Google Docs was taken after a slew of attacks that used forms to acquire email addresses and passwords from students and staff, which were then used to send spam. Network security felt the circumstances were “exceptional” and warranted the risk of impacting legitimate Google Docs usage. Many users felt otherwise.

Ray Allen, an area studies web manager at Oxford, expressed concern over the blockage in a blog comment.

“I was disappointed to see this action being taken. It seemed like a point score against Google rather than a serious attempt to improve security. Phishing is a constantly moving target and until you educate users not to give out passwords (by email, form, phone or any other mechanism) you’ll have the same issue,” he said.

The university’s network security had been frustrated with Google’s lack of “urgent” action in phishing cases, claiming the company takes days (down from weeks in the past) to remove questionable forms.

This temporary block lasted only two and a half hours, but in a blog post about the issue, communications programmer Robin Stevens did not rule out the possibility of similar actions in the future.

Source: OxCERT (via NetworkWorld)