Three men have pleaded guilty to running an online platform called OTP. Agency that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the UK. The codes, also known as temporary passwords or OTPs, were part of multi-factor authentication protections.
Authorities estimate that Callum Picari (22), Vijayasidhurshan Vijayanathan (21), and Aza Siddeeque (19) targeted more than 12,500 people between September 2019 and March 2021. The platform promised to help deliver OTPs for over 30 online services, including Apple Pay, for weekly subscriptions ranging from £30 to £380.
The criminals used the obtained OTPs to access victims’ bank accounts and empty them. To obtain the OTPs, the platform made automated, scripted calls to the victims using text-to-speech technology and asked for the temporary password. The NCA explained that “criminals disguised the ID so it appeared as a real call from the victim’s bank.”
The three men also ran a Telegram group with over 2,200 members. Authorities believe they could have made up to £7.9 million. The trio faces charges of conspiracy to commit fraud and conspiracy to make and supply articles for use in fraud. The owner, Picari, is also charged with money laundering.
According to UK law, the first two charges can carry a maximum prison sentence of up to 10 years, while money laundering is punishable by up to 14 years. The exact sentences will be determined by the Snaresbrook Crown Court during a hearing scheduled for November 2.
Source: https://www.bleepingcomputer.com/news/legal/admins-of-mfa-bypass-service-plead-guilty-to-fraud/