User: Password:
|
|
Subscribe / Log in / New account

Oxford blocks Google Docs as a phishing countermeasure

Oxford blocks Google Docs as a phishing countermeasure

Posted Mar 7, 2013 19:46 UTC (Thu) by dlang (subscriber, #313)
In reply to: Oxford blocks Google Docs as a phishing countermeasure by dskoll
Parent article: Oxford blocks Google Docs as a phishing countermeasure

> Google could greatly mitigate the abuse of its services by phishers by unconditionally including the following text on all user-created web forms:

> Note: This is a document hosted by Google Docs. Do not enter any sensitive information such as credit-card numbers, usernames or passwords. If the form asks for any such sensitive information, please report it as abuse.

That won't work if you need people to login to Google Docs because you use things there internally.

Google cannot set the policy for your organization about what can and can't be entered into a document (and do you _really_ want them to????)

Note, I am not saying that using Google Docs this way is a good thing, it's not. But it's also the reality in may organizations.

You want to dig up a lot of dirt on a major company, send an e-mail to any address in the company you can find that claims to be a survey that the company management has asked for, and you can get people to answer all sorts of sensitive information (and volunteer even more in the free-form fields). The fact that so many companies DO use outside survey companies to do exactly this will lead employees to consider such survey requests 'normal' and tell them anything.

This abuse of Google Docs forms to do the same type of thing is facilitated by the expectation of users that there is so much legitimate use of Google Docs.


(Log in to post comments)

Oxford blocks Google Docs as a phishing countermeasure

Posted Mar 7, 2013 21:14 UTC (Thu) by dskoll (subscriber, #1630) [Link]

That won't work if you need people to login to Google Docs because you use things there internally.

So you disable the warning for forms created by paying customers. If a paying customer uses it for phishing, that customer will usually be a lot easier to track down than some anonymous free user.

Oxford blocks Google Docs as a phishing countermeasure

Posted Mar 7, 2013 22:50 UTC (Thu) by nowster (subscriber, #67) [Link]

That only works if the credit card used for paying for the scam account is not stolen.

Oxford blocks Google Docs as a phishing countermeasure

Posted Mar 7, 2013 23:20 UTC (Thu) by dskoll (subscriber, #1630) [Link]

*sigh* Come on, this is Google we're talking about. They can surely use some of the massive globs of data they collect to tell who is reputable and who isn't.

OK, fine. Only suppress the warning for paying customers in good standing who have been paying customers for at least 6 months. That should make it uneconomical for phishers.

Oxford blocks Google Docs as a phishing countermeasure

Posted Mar 9, 2013 16:34 UTC (Sat) by felixfix (subscriber, #242) [Link]

Until someone hijacks the account or steals the credentials.

Surely you know of Mr Murphy by now :-)

People looking to get work done don't have sneak thieves on their mind 24 hours a day, they have work to think of, but for people looking for easy ways to steal such data, that *is* their job.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds