Trio Admits Running “OTP Agency” Enabling Bank Fraud, and 2FA Bypass

2 months ago 13
BOOK THIS SPACE FOR AD
ARTICLE AD

Three men plead guilty to running OTP Agency, a website that enabled criminals to bypass banking security and commit fraud. The NCA’s investigation revealed over 12,500 victims and potential earnings of up to £7.9 million.

Three UK men have admitted to running a sophisticated criminal enterprise that provided fraudsters with the tools to bypass bank security measures and plunder personal accounts. The operation, known as OTP Agency (website: OTP.Agency), offered subscription-based services that allowed criminals to intercept one-time passcodes (OTPs) and other sensitive information, effectively opening the door to widespread financial fraud.

Callum Picari, Vijayasidhurshan Vijayanathan, and Aza Siddeeque operated the website, which was available through various subscription packages. A basic plan, costing £30 per week, allowed users to bypass multi-factor authentication on platforms like HSBC, Monzo, and Lloyds, facilitating unauthorized transactions. The elite plan, priced at £380 per week, granted access to Visa and Mastercard verification sites, offering broader capabilities for financial theft.

Trio Admits to Running "OTP Agency" That Enabled Widespread Bank FraudScreenshot from the OTP Agency site (Screenshot: Hackread.com)

The National Crime Agency (NCA) investigation revealed that the group targeted over 12,500 individuals between 2019 and 2021. While the exact financial gains remain unclear, estimates suggest the operation could have generated millions of pounds in illicit profits.

Trio Admits to Running "OTP Agency" That Enabled Widespread Bank FraudImage: NCA

Evidence obtained by the NCA included panicked messages between Picari and Vijayanathan following a 2021 article by KrebsOnSecurity exposing their activities. The messages revealed a conscious effort to cover their tracks and obstruct the investigation, highlighting the group’s awareness of the severity of their crimes.

The trio initially denied involvement but ultimately pleaded guilty to conspiracy to make and supply articles for use in fraud. Picari also admitted to money laundering charges. Their sentencing is scheduled for November 2024.

— National Crime Agency (NCA) (@NCA_UK) August 31, 2024

NCA officials emphasized the significant threat posed by such criminal services and their commitment to disrupting these operations. They urged the public to remain vigilant against phishing attempts and suspicious requests for personal information, advising direct contact with financial institutions to verify any unexpected communications.

This case serves as a stark reminder of the evolving tactics employed by cybercriminals and the importance of robust security measures to protect against financial fraud.

1 in 5 Youth Engage in Cybercrime, NCA Finds NCA’s LockBit Takedown: Arrests and Recovery Tool Revealed UK Shuts Down ‘Russian Coms’ Fraud Platform Defrauding Millions Mastermind Behind iSpoof Fraud Site Sentenced to 13 Years in the UK UK Teenagers Face Trial for Hacking Nvidia, Rockstar Games, Revolut
Read Entire Article