{"id":167958,"date":"2024-09-03T07:02:58","date_gmt":"2024-09-03T07:02:58","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=167958"},"modified":"2024-09-03T07:03:00","modified_gmt":"2024-09-03T07:03:00","slug":"otp-agency-operators-pleaded-guilty","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/167958\/cyber-crime\/otp-agency-operators-pleaded-guilty.html","title":{"rendered":"Three men plead guilty to running MFA bypass service OTP.Agency"},"content":{"rendered":"
<\/div>\n

Three men have pleaded guilty to operating OTP.Agency, an online service that allowed crooks to bypass Multi-Factor authentication (MFA).<\/h2>\n\n\n\n

Three men, Callum Picari (22), Vijayasidhurshan Vijayanathan (21), and Aza Siddeeque (19), have pleaded guilty to operating OTP.Agency<\/a>, an online platform that allowed crooks to bypass MFA used by customers of several banks and services. <\/p>\n\n\n

\n
\"OTP.Agency\"<\/a><\/figure><\/div>\n\n\n

These OTPs, used in multi-factor authentication, allowed criminals to bypass security and access victims’ bank accounts to steal funds.<\/p>\n\n\n\n

Cybercriminals paid a monthly subscription fee to OTP.Agency, which provided tools for socially engineering victims and tricked them into revealing one-time passcodes or personal information. <\/p>\n\n\n\n

“Launched in November 2019, OTP Agency was a service for intercepting one-time passcodes needed to log in to various websites.” reported<\/strong><\/a> the popular investigator Brian Krebs. “Scammers who had already stolen someone\u2019s bank account credentials could enter the target\u2019s phone number and name, and the service would initiate an automated phone call to the target that warned them about unauthorized activity on their account.”<\/em><\/p>\n\n\n\n

\n