Three men have admitted guilt to operating a website enabling cyber criminals to bypass bank anti-fraud safeguards.
A National Crime Agency (NCA) probe revealed that Callum Picari, Vijayasidhurshan Vijayanathan, and Aza Siddeeque ran the www.OTP.Agency site.
Vijayanathan, 21, resided in Aylesbury, Buckinghamshire, and Siddeeque, aged 19, is originally from Milton Keynes, Buckinghamshire.
Callum Picari, 22, hailed from Hornchurch, Essex.
The site charged criminals a monthly subscription fee, aiding in socially engineering bank account holders into sharing their one-time-passcodes or other personal data.
The basic £30 a week package allowed multi-factor authentication to be bypassed on platforms like HSBC, Monzo, and Lloyds, facilitating fraudulent online transactions.
An elite plan priced at £380 weekly, provided access to Visa and Mastercard verification sites, thus enabling thieves to access personal bank accounts and steal money.
The NCA's cyber investigation into the website launched in June 2020 discovered that over 12,500 people were targeted between September 2019 and March 2021.
The website was taken offline in March 2021 following the arrest of the three men.
Picari, the site's owner, developer, and main beneficiary, promoted the service on a Telegram group of over 2,200 members.
Picari posted: "First and last professional service for your OTP stealing needs.
"We promise you will be making profit within minutes of purchasing our service…".
He added "Ever wanted to grab a one time passcode for any website?
"Well, now you can!
"With OTPAgency, it’s only £30 a week you really don’t wanna miss out".
Panic ensued following a Krebs on Security article published in February 2021 which led to the deletion of the Telegram group.
Chat records show Picari expressing concerns about incriminating evidence leading to their "bagging" and urging Vijayanathan to delete all group chats.
The three culprits were charged with conspiracy to make and supply articles for use in fraud.
Picari faced an additional charge of money laundering.
They initially denied being linked to criminal activities but later confessed to the charges, with Siddeeque being the last to plead guilty.
Anna Smith, Operations Manager from the NCA’s National Cyber Crime Unit, said: "Picari, Vijayanathan, and Siddeeque opened the door for fraudsters to access bank accounts and steal money from unsuspecting members of the public.
"The NCA can disrupt and dismantle websites posing threats to people’s livelihoods."
She also advised the public to be vigilant while using online banking services, to maintain strong passwords, and seek aid on the National Cyber Security Centre's website for the proper protection against cyber-attacks.
The three are scheduled to be sentenced at Snaresbrook Crown Court on November 2, 2024.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereLast Updated:
Report this comment Cancel