I can believe it, I just don't know why it's not been customised to react to links to docs.google.com if it's such a high volume issue.
It's not a trivial problem by any means, but from the network security team's blog it doesn't seem like they've taken many of the steps that I'd expect prior to cutting off a very high traffic website.
There's the nice clever intelligent solution which could be developed over a few weeks, or there's the fact that the phishers have decided -- for whatever reason -- to go apeshit today.
True, but in this case it seems like it's not a particularly new problem, just something that they've finally reacted to?
They actually mention sinkholing spreadsheets.google.com in this post from August 2011 [1], they actually say "There are also some forms which are more difficult to block ( I don’t think we’d be too popular if we sink-holed spreadsheets.google.com for example)".
It's not a trivial problem by any means, but from the network security team's blog it doesn't seem like they've taken many of the steps that I'd expect prior to cutting off a very high traffic website.