Dropbox phishing campaign targeting Australian healthcare entities

The Australian Digital Health Agency has observed an ongoing campaign of phishing emails affecting Australian healthcare organisations that share documents through Dropbox.

The campaign attempts to trick people into entering their username and password in order to access non-existent ‘important documents’.

The phishing emails come as a pair. The first email is sent from a compromised email account, possibly one belonging to an existing and trusted contact, stating that the sender will share a file through Dropbox. The second email, from Dropbox itself, arrives shortly after and links to a hosted PDF file. The PDF contains a link to a malicious webpage that prompts the recipient to enter their credentials to view the file.

The Agency has observed many email accounts belonging to healthcare entities compromised and used to facilitate further phishing attacks over several months.

What do I need to do?

  • Inform your staff of the ongoing campaign and advise them to be extremely wary of unsolicited emails asking them to log in to view files.

  • If you believe your organisation may have been compromised by the campaign:

    • Ensure all email and user account passwords are reset.

    • Ensure multi-factor authentication is enabled for email accounts.

    • Check for logins to accounts from unknown locations and overseas IP addresses.

    • Check email accounts for unknown mail rules (such as automatic email forwarding to unknown email addresses).

  • If your organisation has been affected and has access to the My Health Record system, please inform the Australian Digital Health Agency immediately at cyber-enquiries@digitalhealth.gov.au.
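The two log-review steps above (sign-ins from unexpected locations, and mail rules that forward to outside addresses) can be triaged from exported records. The following is an added example written for this advisory, not code from the Agency; the record layout, the organisation domain and all sign-in and rule data are constructed assumptions.

```python
# Added example, not from the advisory: triage helpers for two checklist items,
# flagging sign-ins from unexpected countries and mailbox rules that forward mail
# outside the organisation. Record formats are assumed; all data is constructed.
from collections import defaultdict

ORG_DOMAIN = "example-clinic.com.au"  # assumed organisation domain
EXPECTED_COUNTRIES = {"AU"}           # countries staff are expected to sign in from

# Constructed sign-in records: user, source IP, geolocated country, outcome.
SIGNINS = [
    {"user": "alice@example-clinic.com.au", "ip": "203.0.113.10", "country": "AU", "success": True},
    {"user": "alice@example-clinic.com.au", "ip": "198.51.100.7", "country": "NG", "success": True},
    {"user": "bob@example-clinic.com.au", "ip": "192.0.2.44", "country": "US", "success": False},
    {"user": "bob@example-clinic.com.au", "ip": "203.0.113.22", "country": "AU", "success": True},
]

# Constructed mailbox rules, as an administrator's export might list them.
MAIL_RULES = [
    {"user": "alice@example-clinic.com.au", "name": "Invoices",
     "forward_to": ["accounts@example-clinic.com.au"], "delete": False},
    {"user": "alice@example-clinic.com.au", "name": ".",
     "forward_to": ["a1ice.backup@mail.example"], "delete": True},
    {"user": "bob@example-clinic.com.au", "name": "Newsletters", "forward_to": [], "delete": True},
]

def suspicious_signins(signins, expected=EXPECTED_COUNTRIES):
    """Group sign-ins from outside the expected countries by user. Successful ones
    are the likely compromises; failed ones are kept apart so password guessing
    is not mistaken for an account actually being used."""
    hits = defaultdict(list)
    for s in signins:
        if s["country"] not in expected:
            label = "compromised?" if s["success"] else "attempted"
            hits[s["user"]].append((label, s["country"], s["ip"]))
    return dict(hits)

def external_forwarding_rules(rules, org_domain=ORG_DOMAIN):
    """Return rules that forward mail to addresses outside org_domain. A near-empty
    rule name or deletion of the original message are noted, since both are
    common ways such rules stay out of sight of the mailbox owner."""
    findings = []
    for r in rules:
        external = [a for a in r["forward_to"] if not a.lower().endswith("@" + org_domain)]
        if not external:
            continue
        checks = ((len(r["name"].strip()) <= 2, "odd name"), (r["delete"], "deletes original"))
        traits = [t for cond, t in checks if cond]
        findings.append({"user": r["user"], "forward_to": external, "traits": traits})
    return findings
```

Run against real exports, the country field would come from the identity provider's sign-in log and the rules from the mail platform's rule listing; anything flagged should be paired with the password reset and MFA steps above.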

Margot Schoonmaker