Oxford University blocks Google Docs because of phishing attacks.. for 2.5 hours

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Earlier this week it was being widely reported that Oxford University had taken the drastic step of completely blocking Google Docs, after it had seen a dramatic increase in the number of phishing attacks exploiting the service, targeting staff and students.

What wasn’t so widely reported was that the University’s block was short-lived.

Oxford University and Google Docs. Image from Shutterstock

As Robin Stevens of IT Services in Oxford University explained in a blog post – docs.google.com was only blocked for 2.5 hours:

Sign up to our free newsletter.
Security news, advice, and tips.

"Almost all the recent attacks have used Google Docs URLs, and in some cases the phishing emails have been sent from an already-compromised University account to large numbers of other Oxford users. Seeing multiple such incidents the other afternoon tipped things over the edge. We considered these to be exceptional circumstances and felt that the impact on legitimate University business by temporarily suspending access to Google Docs was outweighed by the risks to University business by not taking such action. While this wouldn’t be effective for users on other networks, in the middle of the working day a substantial proportion of users would be on our network and actively reading email. A temporary block would get users’ attention and, we hoped, serve to moderate the "chain reaction".

"It is fair to say that the impact on legitimate business was greater than anticipated, in part owing to the tight integration of Google Docs into other Google services. This was taken into account along with changes to the threats and balance of risks over the course of the afternoon, and after around two and a half hours, the restrictions on access to Google Docs were removed."

Here’s a typical example of a Google Docs phishing scam.

Firstly, you receive an email calling upon you to take immediate action.

Phishing email

Many computer users may not realise that even though the link really does points to Google Docs that it can still be malicious.

And if you click on the link? Here’s what you are shown:

Google Docs phishing page

In the blink of an eye, confidential passwords could be in the hands of the cybercriminals who created the phishing page. And, sadly, as many people make the mistake of using the same password for multiple websites they could have the keys to more than just your email.

My guess is that not many people notice the small print at the bottom of the page, where Google points out that it isn’t responsible for the content of the page and provides a small “Report abuse” link.

Google Docs small print

I can sympathise with the Oxford University IT staff, who must feel frustrated that users keep being duped into clicking on links to phishing pages hosted on Google Docs, but this medicine must have been a bitter pill to swallow.

Reading the blog post, it is also clear that IT staff at Oxford University feel frustrated that Google doesn’t do more to proactively police against cybercriminals abusing Google Docs forms, and the lengthy time it can take between reporting an abusive webpage and Google taking it down.

The fact that Oxford University had to block (albeit briefly) access to a major web resource in order to get the attention of its computer users, and wake them up to the risk of phishing attacks, is a shame.. but hopefully it will result in fewer accounts being hijacked in future.

Oxford University image from Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.