Educause Security Discussion mailing list archives

Re: Google Docs abuse


From: Bob Bayn <bob.bayn () USU EDU>
Date: Fri, 20 Jul 2012 21:03:09 +0000

I just told someone this morning when they reported a phish message with a Google spreadsheet link, that I'm glad to 
see Google links in phish messages because they don't deliver malware and they have a "report abuse" link right on the 
form.  But I hate Google spreadsheet forms because it seems like all of them are password collection pages and so the 
"service" from Google does more harm than good.

It also seems like Google should have the tools and capacity to intervene automatically when someone makes a form that 
looks like a password collector.  Or they could send us the entries for our domain when they decide to respond to an 
abuse complaint.


Bob Bayn              (435)797-2396           IT Security Team
Office of Information Technology,     Utah State University
    three common hazardous email scams to watch out for:
     1) "phishing" for your email password
     2) unfamiliar transaction report from familiar business
     3) attachment with no explanation in the message body

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Dan Han [s2dhan () VCU EDU]
Sent: Friday, July 20, 2012 1:50 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Google Docs abuse

I am sure many of you have experienced the phishing scams hosted on Google spreadsheets. While we report these scams to 
Google through the Report Abuse link, it seems that the time it takes for Google to remove the phishing site varies 
significantly. While some links are taken down almost immediately, others stay active for days, if not weeks after 
multiple reports through the abuse link.

Also, this may be coincidence, but I have realized that some of the phishing links hosted on EDU's Google Apps often 
take longer for Google to resolve than others. Has anyone noticed the same pattern, and does anyone have any tips on 
how to escalate these cases when Google fails to respond to the abuse report? Thank you.

Dan Han
Information Security Officer
Virginia Commonwealth University

