Three men have pleaded guilty to creating a website that allowed criminals to bypass bank anti-fraud checks. The National Crime Agency (NCA) carried out an investigation which found that www.OTP.Agency, run by Callum Picari, Vijayasidhurshan Vijayanathan and Aza Siddique, was helping fraudsters access bank accounts and steal money.
The www.OTP.Agency website allowed criminals to sign up for services that helped them socially manipulate bank account holders into obtaining one-time passwords or other personal information. The basic service package cost £30 a week and bypassed multi-factor authentication on platforms such as HSBC, Monzo and Lloyds. An elite package for £380 a week provided access to Visa and Mastercard verification sites.
An NCA investigation began in June 2020 when it emerged that more than 12,500 people had fallen victim to the scam between September 2019 and March 2021. In March 2021, after the arrest of the trio, the site was disabled. The owner and main beneficiary, Picari, actively promoted the site’s services in a Telegram group that had more than 2,200 members. Following an article on Krebs on Security in February 2021, members of the group attempted to remove the compromising messages.
All three defendants pleaded guilty and will be sentenced on November 2, 2024 at Snaresbrook Magistrates’ Court. The NCA emphasizes the importance of being vigilant when using online banking and following cybercrime protection guidelines.