Three operators of a service that provided criminals with one-time passcodes and other ways to circumvent bank fraudulent checks plead guilty
Three suspects have pleaded guilty to offering a monthly subscription service to criminals that circumvents the check mechanisms that banks have in place to prevent fraud and illicit activity, calling it 'the first and only professional service for those who need to steal OTPs (one-time passcodes).'
Website promised fraudsters profit within minutes if they subscribed to illegal service - National Crime Agency
Admins of MFA bypass service plead guilty to fraud
According to the UK National Crime Agency, the service in question, OTP.Agency, was run by three suspects: Karam Pikali (22), Vijayasidrshan Vijayanathan (21), and Aza Siddiq (19).
The service involves social engineering bank account holders into revealing real one-time passcodes or other personally identifiable information, which can then be sold to criminals.
The basic plan, which cost £30 (US$50) per week, offered users the ability to complete fraudulent online transactions by bypassing multi-factor authentication on major banking platforms such as HSBC, Monzo and Lloyds, while the elite plan, which cost £380 (US$750) per week, also included access to Visa and Mastercard.
According to cyber investigators from the UK's National Crime Agency, more than 12,500 people were targeted in the 18 months leading up to March 2021, when the three were arrested and the site was shut down.
It is not known how much profit the group made, but it is estimated that it was around £30,000 (about 5.76 million yen) if it was mainly the basic plan, and around £7.9 million (about 1.517 billion yen) if it was mainly the elite plan.
Although OTP.Agency has been shut down, similar services are still active, so security information site Krebs on Security is warning users to be careful.
Owners of 1-Time Passcode Theft Service Plead Guilty – Krebs on Security
https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/
Related Posts:
in Security, Posted by logc_nt