Instagram account takeover at historic NGO

The Union for International Cancer Control (UICC) is a non-governmental organisation that unites and supports the cancer community to reduce the global cancer burden, to promote greater equity, and to ensure that cancer control continues to be a priority in the world health and development agenda. Over the summer of 2021, cybercriminals took control of the World Cancer Day Instagram account managed by UICC, which serves as a platform for one of the most important health awareness days, celebrated every year on 4 February.


We talked with Nicole Engelbrecht, Head of Communication and Marketing, who faced the incident. This cyberattack is yet another reminder of the fragility of trust in cyberspace and how one incident on one platform can jeopardize the critical mission of any organization in the world.

What happened

UICC lost control of the Instagram account associated with World Cancer Day, which UICC organizes, following a spear phishing email that appeared to come from Instagram. The email served UICC with a false complaint for copyright infringement on an Instagram picture posted by the communications team. Kaspersky reported on this tactic in March 2019 – emails back then looked like this:

[Image: example of such a phishing email. Source: Kaspersky]

A spear phishing email is a fraudulent email crafted specifically for its recipient, increasing the probability that the recipient will trust it and perform the intended action: open an attachment, click on a link, enter credentials, etc.

The email UICC received contained a link that redirected to a webpage that looked like an Instagram webpage and asked for the account credentials, followed by a pop-up message thanking the team for submitting the request.

Two days after the request submission, cybercriminals reached out to UICC via WhatsApp claiming that they had taken control of the World Cancer Day Instagram account and demanded a ransom to give the account back. At this point the cybercriminals had changed the email address, password and phone number linked to the account and disabled it.

It took UICC several weeks to regain access to its Instagram account. Nicole and her team struggled to contact Instagram and get their account back; they eventually managed to do so via a personal connection at Meta (then Facebook), Instagram’s holding company.

What is at risk

For almost a month, the digital trust that donors, beneficiaries, partners and close to 20,000 followers have invested in UICC and World Cancer Day was at risk. The cybercriminals behind the attack had full liberty to post content to put pressure on UICC to pay the ransom.

UICC created the World Cancer Day Instagram account in 2014 to promote global campaigns on that day. This account takeover could have set UICC’s online presence back for years and hurt its activities.

Nicole and her team were swift to react and to transform this incident into an opportunity to improve UICC’s cybersecurity practices. They also understood the value of sharing with the community so that other NGOs realize it doesn’t only happen to others and prioritize cybersecurity accordingly.

UICC is seeking further assistance from our CyberPeace Builders, a network of corporate cybersecurity volunteers managed by the CyberPeace Institute. If you work for an NGO, we can help you: like UICC, join the CyberPeace Builders’ Community.
