Cyber Incident Victim: Miss England
Date:
Jan 2021
Location:
United Kingdom
Summary
The organizers of a long-standing English beauty pageant fell victim to a phishing attack when a fraudulent message, impersonating Instagram administrators, deceived a staff member into clicking a malicious link and surrendering authentication credentials. This compromised the pageant's Instagram account, which hackers seized, altered login details, and demanded payment for its return. The attackers subsequently contacted the organizer via mobile phone attempting to negotiate a ransom. Law enforcement and national fraud authorities were notified, while Instagram's parent company intervened to secure and restore the hijacked account with over 20,000 followers. The incident disrupted operations but was resolved without further financial loss.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 26, 2021, the organizers of the Miss England beauty pageant fell victim to a cyber-attack targeting their official Instagram account. The incident began when pageant director Angie Beasley received a fraudulent message appearing to originate from Instagram's administrators, alleging rule violations and threatening account closure. The message contained a link to appeal the decision, which Beasley clicked. She was then prompted to confirm her phone number and subsequently received a verification code that she provided to the attackers. This action granted cybercriminals full access to the account, which had accumulated over 20,000 followers. The attackers immediately changed the account password, locking Beasley out of the platform and seizing control of all administrative functions.
The following day, Beasley received a direct message on her mobile device from the attackers proposing to "make a deal" for account restoration, indicating a ransom demand. Beasley reported the incident to Action Fraud, the United Kingdom's national cybercrime reporting center, which escalated the case to Leicestershire Police given the pageant's headquarters location in that jurisdiction. Facebook, Instagram's parent company, intervened to secure the compromised account and restored access to the legitimate owners. The attack disrupted the organization's primary social media channel during a period when the pageant had already faced operational challenges, including the 2020 cancellation due to COVID-19. No further financial demands or secondary compromises were reported following the account's recovery.