Susquehanna recipients receiving a Google Forms notification via email will be strongly discouraged from interacting with it. Upon clicking a Google Forms link in an email, the recipient will be warned of its high potential to be malicious (but can bypass this at their own risk).
Why? Google Forms is the #1 attack vector for phishing attacks on SU. While we know that Google Forms has legitimate uses, it is one of the most popular methods for phishing / fake logon forms. Since Susquehanna is not on the Gmail/Google platform, we do not endorse it for campus use, which is why we added it to our block list for links in email. Since some folks may still need to access a legitimate Google Form from an external partner, we allow users to click through after the very noticeable warning about it being potentially malicious. We are not able to exempt a single Google Form; it's all or nothing.
Aside from phishing, we discourage employees' use of Google Forms for university business for other reasons:
- We’re not able to support forms in an environment we don’t manage (Google Apps)
- It causes confusion/support issues if the form author requires logging in to complete the form (as users cannot use their SU credentials in the Google ecosystem, and would need to have/create a personal Google account)
- Use may violate our data classification policies depending on the type of data being collected, as we have no access to audit/secure the submission data (in the event that it’s sensitive data)
- We cannot transition the form during staffing changes
- Hosting legitimate university forms in an environment we tell folks to be leery of makes them harder to identify as legitimate
- We have limited options to request Google to remove malicious forms in a timely manner, since we are not a Google Apps customer
We ask that employees utilize our university-supported form platforms via their SU credentials:
Microsoft Forms:
https://forms.office.com/
(self-service, most similar to Google Forms)
Training for Microsoft Forms can be found here: https://support.microsoft.com/en-us/forms
Qualtrics:
https://susqu.qualtrics.com/
(self-service, more robust for workflows and metrics)
Frevvo:
(Offers advanced workflows and SU systems integration. Please submit an IT request for help with this tool.)