top of page
  • tech360.tv

US$10 Million 2FA Bypass Scheme Unveiled on Telegram

Three cybercriminals pleaded guilty in a UK court to charges related to a £7.9 million two-factor authentication bypass scheme. The operation targeted 12,500 people via a website and Telegram group known as the OTP Agency. Basic subscribers could avoid 2FA at banks, whereas elite members gained access to Visa and Mastercard verification sites.


2FA fraud group
Credit: GETTY

Callum Picari, Vijayasidhurshan Vijayanathan, and Aza Siddeeque were behind the illegal scheme, which offered a subscription-based service via a website and a Telegram group.


The trio were charged with conspiracy to manufacture and supply tools for fraudulent activities, as well as money laundering. If convicted, they could face up to ten and fourteen years in prison, respectively.


The National Crime Agency in the United Kingdom confirmed that the three individuals ran the OTP Agency website and Telegram group, charging up to $500 per week in membership fees. The operation targeted approximately 12,500 people with the goal of profiting from bypassing 2FA security measures.


Investigations into the OTP Agency commenced in June 2020, with fraudulent activities suspected to have begun in September 2019. The Telegram group associated with the operation was deactivated in February 2021 after investigative journalist Brian Krebs exposed the illegal activities.


The OTP Agency's service enabled cybercriminals to bypass 2FA protections on banks such as HSBC, Monzo, and Lloyds for basic subscribers. Elite members gained access to Visa and Mastercard verification sites, allowing them to use social engineering tactics to obtain personal information and genuine 2FA codes from victims.


Although the hackers' total earnings are unknown, the NCA estimates that the elite subscription package may have generated nearly £7.9 million. Siddeeque provided technical assistance, while Picari was the driving force behind the operation, creating the site and promoting it on Telegram.


The trio is scheduled to be sentenced on November 2 after pleading guilty to the charges. Anna Smith, the NCA's National Cyber Crime Unit operations manager, warned that the convictions should serve as a deterrent to others offering similar illegal services, emphasising the agency's commitment to removing threats to public safety.


Despite the sophistication of the 2FA bypass scheme, users should continue to use multi-factor authentication whenever possible. Staying vigilant against phishing attempts is critical for protecting personal information and preventing unauthorised access to accounts.

 
  • Three cybercriminals pleaded guilty in a U.K. court to charges related to a £7.9 million 2FA bypass scheme.

  • The operation targeted 12,500 individuals through a website and Telegram group known as the OTP Agency.

  • Basic subscribers could bypass 2FA on banks, while elite members gained access to Visa and Mastercard verification sites.


Source: FORBES

As technology advances and has a greater impact on our lives than ever before, being informed is the only way to keep up.  Through our product reviews and news articles, we want to be able to aid our readers in doing so. All of our reviews are carefully written, offer unique insights and critiques, and provide trustworthy recommendations. Our news stories are sourced from trustworthy sources, fact-checked by our team, and presented with the help of AI to make them easier to comprehend for our readers. If you notice any errors in our product reviews or news stories, please email us at editorial@tech360.tv.  Your input will be important in ensuring that our articles are accurate for all of our readers.

bottom of page