Website Operators Arrested for Running an MFA Bypass Site


Three men have pleaded guilty to operating a website that enabled criminals to bypass banking anti-fraud checks, leading to significant financial losses for unsuspecting victims.

The website, www.OTP.Agency, was run by Callum Picari, 22, from Hornchurch, Essex; Vijayasidhurshan Vijayanathan, 21, from Aylesbury, Buckinghamshire; and Aza Siddeeque, 19, from Milton Keynes, Buckinghamshire.

EHA

Criminal Enterprise Unveiled

The National Crime Agency (NCA) investigation revealed that the trio charged criminals a subscription fee to access their service. This allowed them to socially engineer bank account holders into revealing one-time passcodes and other personal information.

What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!

The basic package, costing £30 a week, enabled multi-factor authentication (MFA) bypass on platforms such as HSBC, Monzo, and Lloyds, facilitating fraudulent transactions.

An elite plan, priced at £380 a week, granted access to Visa and Mastercard verification sites, significantly increasing the potential for financial theft.

Impact and Investigation

NCA cyber investigators began probing the website in June 2020. They believe over 12,500 public members were targeted between September 2019 and March 2021.

Although the exact profits from the venture remain unknown, estimates suggest earnings could have reached up to £7.9 million if users predominantly purchased the elite package. The website was taken offline following the operators’ arrest in March 2021.

The trio faced conspiracy charges to make and supply articles for use in fraud, with Picari also charged with money laundering.

Initially denying involvement, all three have since admitted their guilt. The sentence is scheduled for November 2, 2024, at Snaresbrook Crown Court.

Anna Smith, Operations Manager from the NCA’s National Cyber Crime Unit, emphasized the seriousness of the crimes and warned others offering similar services of the NCA’s capability to dismantle such operations.

She urged the public to remain vigilant against potential fraud attempts, highlighting the importance of verifying unexpected requests for personal information.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial



Source link