Scammers Operating OTP Fraudulent Site Plead Guilty

Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.

Three men who were charged with operating a One-Time-Passcode (OTP) scam in the UK have pleaded guilty to the crime. Reports revealed that they were operating subscription-based sites where they reap unsuspecting victims a fraudulent way of collecting information.

The offenders pay monthly subscription fees for the service, which enables them to use social engineering tactics to convince bank account holders to disclose important information or give their one-time passwords.

They Bypass MFA Services To Steal Customer’s Information

According to the report, the criminals pay £30 for a basic package, allowing them to easily bypass multi-factor authentication (MFA) systems on platforms like Lloyds, Monzo, and HSBC. The free pass also grants access to Mastercard and Visa verification sites. This allowed the criminals to easily complete fraudulent online transactions.

The National Crime Agency in the UK started investigating the website in June 2020. The agency stated that more than 12,500 individuals may have been targeted by the scammers from September 2019 to March 2021. The agency arrested the three persons involved in the scams in 2021.

It’s not clear how much the group had made from the fraudulent activities before they were arrested. But based on estimates, they would have made about £7.9 million if their victims bought the premium package, and about £300,000 if they had opted for the basic plan.

MFA Security Systems Could Go Obsolete

The Operations Manager at the National Cyber Crime Unit, Anna Smith, commented on the situation. She stated that the three accused benefited from the fraudulent activity by operating the OTP Agency.

She added that the latest conviction of the trio stands as a warning for anyone who wants to carry out similar deceitful activities on unsuspecting victims. Anna said that the NCA has the capacity to block and close websites that tend to deprive people of their livelihoods. “We would also urge anyone using online banking services to be vigilant”, she added.

The MFA verification option was first introduced in the 2000s as a way of strengthening online security. But this security option has proven to have exploitable loopholes as have been seen in several instances.

Now, many companies and organizations are gradually facing out MFAs in favor of digital tokens when it comes to bank logins. Baks in Singapore are already using this security approach. Mastercard recently launched a new gateway, called Payment Passkey, in India. It will replace the traditional OTP verification method to provide a more secure authentication method.

About Ali Raza PRO INVESTOR

Ali is a professional journalist with experience in Web3 journalism and marketing. Ali holds a Master's degree in Finance and enjoys writing about cryptocurrencies and fintech. Ali’s work has been published on a number of leading cryptocurrency publications including Capital.com, CryptoSlate, Securities.io, Invezz.com, Business2Community, BeinCrypto, and more.