Oxford University blocks Google Docs as phishing attacks soar

Defending the emeritus professors

Oxford University has taken the radical step of temporarily blocking access to Google Docs after a dramatic increase in phishing attacks trying to harvest academic email credentials using bogus forms hosted on the service.

On Monday the University's IT team it said it dealt with a clutch of account compromises in the space of a few days, almost all using Google Docs to host fake helpdesk alerts.

Unable to get Google to remove the pages quickly enough, and with spammers hijacking legitimate University domain accounts to send spam, the IT department decided to pull the plug for several hours while it considered what technical counter-measures it might deploy.

The attacks had succeeded because a small minority of students and academics were being duped by phishing gangs in the face of the University's attempts to educate its users on the issue.

"We considered these to be exceptional circumstances," said Robin Stevens of OxCERT, the University's network security team, in a blog post.

"Now we may be home to some of the brightest minds in the nation. Unfortunately, their expertise in their chosen academic field does not necessarily make them an expert in dealing with such mundane matters as emails purporting to be from their IT department," he wrote.

As well as affecting the hijacked accounts of users, allowing spam to flow from the University's domain risked it being blacklisted by spam filters, he said.

While apologising for disrupting the access of its user base temporarily, Stevens did not rule out taking similar action in the future.

The core problem experienced by Stevens' department could be the response times of Google. These had improved, Stevens said, but the search giant needed to react within hours in some cases.

The University has had a problem with spam for some time, in August 2011 estimating that the time it took to clean up a single hijacked account could consume one staff member's resources for three working days.

At that time it had dealt with 20 spam account incidents in two months, it said.

In May 2012 Oxford University was also badly affected by the Mac Flashback Trojan that infected approaching 1,000 of its Mac-loving academic population.