Three men have been sentenced at London’s Snaresbrook Crown Court after pleading guilty to various cyber crime offenses linked to OTP.Agency, an underground subscription service. This site allowed cyber criminals to purchase access to victims’ online accounts, including personal bank accounts, facilitating fraud and theft.
Callum Picari, 23, from Hornchurch in Essex; Vijayasidehurshan Vijayanathan, 21, from Aylesbury in Buckinghamshire; and Aza Siddeeque, 19, from Milton Keynes, helped perpetrators perform social engineering attacks to trick victims into revealing personally identifiable information. They targeted one-time passcodes (OTPs) used in legitimate multifactor authentication processes.
The OTP.Agency offered a tiered service. The basic package, costing £30 a week, provided access to a spoof call bot designed to deceive victims. The elite plan, at £380 a month, included advanced services like automated calls using custom scripts created by the defendants.
During the investigation, the National Crime Agency (NCA) seized scripts of fraudulent calls impersonating well-known companies such as BT, HMRC, and Visa. The NCA, which started its probe in 2020, estimates that over 12,500 people might have been targeted, resulting in more than 65,000 attempted frauds from September 2019 to March 2021. Though the exact revenue from OTP.Agency remains unclear, if a majority of users opted for the top-tier package, the operation could have generated millions.
Tim Court, a senior manager at the NCA’s National Cyber Crime Unit, emphasized the agency’s capability to dismantle harmful websites and bring offenders to justice. He urged the public to remain vigilant with online banking, warning that criminals may impersonate trusted entities. If anything seems suspicious, he advised reaching out directly to the organization using official contact details.
Craig Rice, CEO of the Cyber Defence Alliance, highlighted the ongoing efforts of UK law enforcement to combat the industrial-level fraud fueled by services like OTP.Agency. He noted the collaboration between law enforcement and industry experts as crucial in disrupting criminal networks.
Before its closure, OTP.Agency was primarily run by Picari, who promoted the service in a Telegram group with over 2,200 members, claiming users could make profits quickly. Vijayanathan helped with administrative tasks and managed moderators while Siddeeque provided technical support.
After their arrest, they faced charges of conspiracy to make and supply articles for use in fraud, with Picari also charged with money laundering. Initially denying their roles, they later changed their pleas. Picari received a two-year-and-eight-month prison sentence, while his co-defendants received 12-month community orders, ordered to pay £760 each, and complete community service hours of 200 and 160, respectively. The NCA has begun recovery actions against Picari.