Three charged over banking fraud for hire website

Three men alleged to have operated a website that offered banking fraud services to cyber criminals have been charged with various offences following a multi-year investigation by the UK’s National Crime Agency (NCA).

Callum Picari, 21, of Hornchurch in Essex, Vijayasidhurshan Vijayanathan, 19, of Aylesbury in Buckinghamshire, and Aza Siddeeque, 18, of Milton Keynes, were arrested in March 2021 during an NCA probe into www.OTP.Agency, a subscription website that offered services enabling criminals to circumvent anti-fraud measures put in place by retail banks.

The website helped criminals and fraudsters conduct social engineering attacks on bank account holders, luring them into revealing crucial details needed to access their accounts, such as one-time passcodes and other items of personally identifiable information (PII).

This information allowed its holders to bypass multi-factor authentication (MFA) measures that were supposed to have protected the victims, giving them access to online banking and other accounts.

Users of the website are believed to have targeted more than 12,500 members of the public during the 18-month period before it was shut down. “This website was essentially a one-stop-shop which provided tools that made it easy for criminals to access bank accounts of members of the public and steal from them,” said Anna Smith, operations manager at the NCA’s National Cyber Crime Unit.

“Our investigation has protected the public from online fraudsters who used it for criminal and financial gain,” she said. “This should serve as a warning to other people offering similar services. The NCA has the capability to disrupt and dismantle sites which pose a threat to people’s personal finances.

“We would also urge anyone using online banking services to be vigilant,” said Smith. “Criminals may pretend to be a trusted person or company when they call, email or message you. If something seems suspicious or unexpected, such as requests for personal information, contact the organisation directly to check using details published on their official website.”

Picari, Vijayanathan and Siddeeque have been charged with conspiracy to make and supply articles for fraud under sections six and seven of the 2006 Fraud Act, and section one of the 1977 Criminal Law Act. Picari has additionally been charged with money laundering under section 327 of the Proceeds of Crime Act. They will appear at Barkingside Magistrates’ Court on Wednesday 19 April.

Smith said the NCA urged anyone using online banking services to be vigilant to similar activity to that enabled by the OTP.Agency site.

“Criminals may pretend to be a trusted person or company when they call, email or message you,” she said. “If something seems suspicious or unexpected, such as requests for personal information, contact the organisation directly to check using details published on their official website.”

Victims of fraud are advised to report it to Action Fraud online, or to Police Scotland by calling 101.

Additional advice and guidance on how private individuals can mitigate against fraud and other kinds of cyber attack, and protect themselves from falling victim in future, is available from the National Cyber Security Centre.