Website Owners Plead Guilty to Facilitating Massive Banking Fraud
Three men have admitted to orchestrating a sophisticated cyber scheme that enabled criminals to bypass banking security measures and commit fraud, leading to their conviction and pending sentencing.
Callum Picari, 22, from Hornchurch, Essex; Vijayasidhurshan Vijayanathan, 21, from Aylesbury, Buckinghamshire; and Aza Siddeeque, 19, from Milton Keynes, Buckinghamshire were integral in operating www(DOT)OTP.Agency, a website that sold services to criminals looking to circumvent multi-factor authentication systems used by banks.
The National Crime Agency’s investigation revealed the trio charged a subscription fee for services that exploited social engineering tactics to obtain one-time passcodes (OTPs) from unsuspecting bank customers. This illicit activity targeted over 12,500 victims between September 2019 and March 2021, potentially netting the group between £30,000 to £7.9 million, depending on the subscription plans sold.
Anna Smith, Operations Manager from the NCA’s National Cyber Crime Unit, commented: “Picari, Vijayanathan, and Siddeeque opened the door for fraudsters to access bank accounts and steal money from unsuspecting members of the public. Their convictions serve as a stark warning to others providing similar illegal services.”
The guilty plea followed after a service closure precipitated by an investigative article that led to a panic among the operators. Their communication captured in police records highlighted the criminal nature of their operations.
Excerpts from their conversation show the urgency and awareness of their illegal activities, with phrases such as “bro we are in big trouble” and urgent discussions about deleting incriminating evidence to thwart investigations.
Further adding to the complexity of their operation, the criminals utilised software that implemented text-to-voice technology to impersonate security officials. This software would call multiple victims, read a script pretending to be from a security team, and trick victims into revealing OTPs needed to access their banking accounts.
All three defendants are scheduled to be sentenced at Snaresbrook Crown Court on 2 November 2024, following their admission to conspiracy to make and supply articles for use in fraud, with Picari also facing money laundering charges.
The National Cyber Security Centre continues to advise the public on maintaining strong passwords and being vigilant against unsolicited communications that request personal information.
Source: National Crime Agency
