Three men have been charged with fraud offences as part of a National Crime Agency investigation into a website which enabled criminals to subvert banking anti-fraud measures.

NCA cyber crime investigators began probing the paid for subscription website www.OTP.Agency in June 2020.

The site provided a service to criminals by helping them socially engineer bank account holders into disclosing genuine one-time-passcodes, or give other personally identifiable information, allowing multi-factor authentication to be bypassed.

This granted access to a victim’s online banking or other accounts, enabling criminals to complete fraudulent online transactions.

Investigators believe over 12,500 members of the public were targeted between September 2019 and March 2021, when the alleged website controllers were arrested and it was taken offline.

Callum Picari, 21, from Hornchurch, Essex; Vijayasidhurshan Vijayanathan, 19, from Aylesbury, Buckinghamshire; and Aza Siddeeque, 18, from Milton Keynes, Buckinghamshire, were arrested on 24 March 2021.

They were charged last month with conspiracy to make and supply articles for use in fraud. Picari was also charged with money laundering, and converting criminal property. They are due to appear at Barkingside Magistrates’ Court on Wednesday (19 April).

Anna Smith, Operations Manager from the NCA’s National Cyber Crime Unit, said: “This website was essentially a one-stop-shop which provided tools that made it easy for criminals to access bank accounts of members of the public and steal from them.

“Our investigation has protected the public from online fraudsters who used it for criminal and financial gain.

“This should serve as a warning to other people offering similar services. The NCA has the capability to disrupt and dismantle sites which pose a threat to people’s personal finances.
“We would also urge anyone using online banking services to be vigilant.

“Criminals may pretend to be a trusted person or company when they call, email or message you. If something seems suspicious or unexpected, such as requests for personal information, contact the organisation directly to check using details published on their official website.”

Having a strong password is also extremely important. Advice on this, and further guidance on how to mitigate against fraud and cyber attacks, can be found on the National Cyber Security Centre’s website – www.ncsc.gov.uk.