![]() ![]() A smaller part listens but either fails to understand or forgets fast – their actions make a "stupid housemate" look like a genius. The majority of them doesn't see a problem and refuses to take any advice on security. Being a university-IT insider since aeons I can assure you that a small but not insignificant percentage of the scholars is unteachable by normal means. Don't forget that a university has many divisions and "Internet" is not part of most curricula (the same is true for other aspects of human life like general education, social behaviour, "culture" or literacy outside one's special field). It is a common misconception that common sense is the result of (or is necessary for) an academic career. Oxford University image from Shutterstock.įollow on Twitter for the latest computer security news.įollow on Instagram for exclusive pics, gifs, vids and LOLs! but hopefully it will result in fewer accounts being hijacked in future. ![]() The fact that Oxford University had to block (albeit briefly) access to a major web resource in order to get the attention of its computer users, and wake them up to the risk of phishing attacks, is a shame. Reading the blog post, it is also clear that IT staff at Oxford University feel frustrated that Google doesn’t do more to proactively police against cybercriminals abusing Google Docs forms, and the lengthy time it can take between reporting an abusive webpage and Google taking it down. I can sympathise with the Oxford University IT staff, who must feel frustrated that users keep being duped into clicking on links to phishing pages hosted on Google Docs, but this medicine must have been a bitter pill to swallow. My guess is that not many people notice the small print at the bottom of the page, where Google points out that it isn’t responsible for the content of the page and provides a small “Report abuse” link. And, sadly, as many people make the mistake of using the same password for multiple websites they could have the keys to more than just your email. In the blink of an eye, confidential passwords could be in the hands of the cybercriminals who created the phishing page. Many computer users may not realise that even though the link really does points to Google Docs that it can still be malicious.Īnd if you click on the link? Here’s what you are shown: Here’s a typical example of a Google Docs phishing scam.įirstly, you receive an email calling upon you to take immediate action. This was taken into account along with changes to the threats and balance of risks over the course of the afternoon, and after around two and a half hours, the restrictions on access to Google Docs were removed." "It is fair to say that the impact on legitimate business was greater than anticipated, in part owing to the tight integration of Google Docs into other Google services. ![]() A temporary block would get users’ attention and, we hoped, serve to moderate the "chain reaction". While this wouldn’t be effective for users on other networks, in the middle of the working day a substantial proportion of users would be on our network and actively reading email. We considered these to be exceptional circumstances and felt that the impact on legitimate University business by temporarily suspending access to Google Docs was outweighed by the risks to University business by not taking such action. Seeing multiple such incidents the other afternoon tipped things over the edge. "Almost all the recent attacks have used Google Docs URLs, and in some cases the phishing emails have been sent from an already-compromised University account to large numbers of other Oxford users. ![]() What wasn’t so widely reported was that the University’s block was short-lived.Īs Robin Stevens of IT Services in Oxford University explained in a blog post – was only blocked for 2.5 hours: Earlier this week it was being widely reported that Oxford University had taken the drastic step of completely blocking Google Docs, after it had seen a dramatic increase in the number of phishing attacks exploiting the service, targeting staff and students. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |