In the United Kingdom, three men have pleaded guilty to operating a website that enabled fraudsters to bypass banking security measures during the COVID-19 lockdown, ultimately affecting over 12,500 individuals.
The website, otp.agency, was established in September 2019 by Callum Picari, 22, from Hornchurch, Essex; Vijayasidhurshan Vijayanathan, 21, from Aylesbury, Buckinghamshire; and Aza Siddeeque, 19, from Milton Keynes, Buckinghamshire. The platform provided criminals with tools to socially engineer bank account holders into revealing one-time passcodes through automated phone calls, allowing them to circumvent multi-factor authentication on banking platforms.
The National Crime Agency (NCA) arrested the men and seized the website in March 2021. The site had operated on a subscription model, with a basic plan costing £30 per week, granting access to bypass authentication on banks such as HSBC, Monzo, and Lloyds. An “elite plan,” costing £380 per week, provided more advanced features, including access to Visa and Mastercard verification sites.
While the exact financial gain from this criminal enterprise remains unclear, the NCA’s investigation, which began in June 2020, revealed that Picari was the primary developer and beneficiary of the site. The group had been promoting the service via a Telegram channel that boasted over 2,200 members.
Following an exposé by independent journalist Brian Krebs, panic ensued among the trio, leading to a frantic exchange of messages between Picari and Vijayanathan. The conversation, as detailed by the NCA, highlighted their concerns about incriminating evidence:
- Picari: “bro we are in big trouble… U will get me bagged… Bro delete the chat”
- Vijayanathan: “Are you sure”
- Picari: “So much evidence in there…Just think of all the evidence…that we cba to find…in the OTP chat…they will find”
- Vijayanathan: “Exactly so if we just shut EVERYTHING down”
- Picari: “They went to our first ever msg…We look incriminating…if we shut down…I say delete the chat…Our chat is Fraud 100%”
Despite initially denying their involvement in criminal activities, all three men eventually pleaded guilty to conspiracy to make and supply articles for use in fraud. Picari was also charged with money laundering.
Their sentencing is scheduled for November 2, 2024, at Snaresbrook Crown Court.
Anna Smith, operations manager at the NCA’s National Cyber Crime Unit, commented on the case, stating, “Picari, Vijayanathan, and Siddeeque facilitated a significant breach in online banking security, allowing criminals to exploit and steal from innocent people. Their convictions serve as a stark warning to others considering similar ventures: the NCA has the resources and determination to dismantle and disrupt such threats.”
Smith also urged the public to remain vigilant when using online banking services. “If something seems suspicious or unexpected, such as requests for personal information, always verify with the organization directly through official contact details,” she advised.
Aza Siddeeque, 19,
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
