We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,585 News Articles

Oxford University blocks Google Docs as phishing attacks soar

Defending the emeritus professors

Oxford University has taken the radical step of temporarily blocking access to Google Docs after a dramatic increase in phishing attacks trying to harvest academic email credentials using bogus forms hosted on the service.

On Monday the University's IT team it said it dealt with a clutch of account compromises in the space of a few days, almost all using Google Docs to host fake helpdesk alerts.

Unable to get Google to remove the pages quickly enough, and with spammers hijacking legitimate University domain accounts to send spam, the IT department decided to pull the plug for several hours while it considered what technical counter-measures it might deploy.

The attacks had succeeded because a small minority of students and academics were being duped by phishing gangs in the face of the University's attempts to educate its users on the issue.

"We considered these to be exceptional circumstances," said Robin Stevens of OxCERT, the University's network security team, in a blog post.

"Now we may be home to some of the brightest minds in the nation. Unfortunately, their expertise in their chosen academic field does not necessarily make them an expert in dealing with such mundane matters as emails purporting to be from their IT department," he wrote.

As well as affecting the hijacked accounts of users, allowing spam to flow from the University's domain risked it being blacklisted by spam filters, he said.

While apologising for disrupting the access of its user base temporarily, Stevens did not rule out taking similar action in the future.

The core problem experienced by Stevens' department could be the response times of Google. These had improved, Stevens said, but the search giant needed to react within hours in some cases.

The University has had a problem with spam for some time, in August 2011 estimating that the time it took to clean up a single hijacked account could consume one staff member's resources for three working days.

At that time it had dealt with 20 spam account incidents in two months, it said.

In May 2012 Oxford University was also badly affected by the Mac Flashback Trojan that infected approaching 1,000 of its Mac-loving academic population.


IDG UK Sites

Samsung Galaxy S6 release date and specs rumours: When will the Galaxy S6 come out?

IDG UK Sites

How to win iTunes Festival 2014 tickets: See Pharrell Williams, Sam Smith, Kylie & more live, for...

IDG UK Sites

Microsoft's all or nothing bet on Windows Phone is the best way forward

IDG UK Sites

Google adds better type rendering to its Chrome browser on Windows