Lenient Sentences for Fraud Service 'OTP Agency' Operators

The three young men who pleaded guilty last year to running a fraud service from Britain have received their final sentences.

This week, the UK’s National Crime Agency announced the sentences for the three youngsters who ran a service designed to sell access to people’s bank accounts.

The service's developer, 23-year-old Callum Picari, from Hornchurch, Essex, is the only one about to spend time behind bars. Vijayasidhurshan Vijayanathan, 21, from Aylesbury, Buckinghamshire, and Aza Siddeeque, 19, from Milton Keynes, Buckinghamshire, face considerably milder penalties for their complicity.

Fraud-as-a-service

The service, aptly titled OTP Agency (OTP referring to one-time-passcode), enabled subscription-based fraud.

For £30 a week (around 37 USD), buyers would get the one-time authentication codes of people logging into their accounts on platforms like HSBC, Monzo, Lloyds BT, Sky, Virgin Media and HMRC – and quickly use that access to drain victims’ bank accounts.

“Criminals were charged a monthly subscription fee for a service which allowed them to access personal bank accounts and other accounts online to commit account takeover, fraud and steal money,” according to the NCA. “A basic package costing £30 a week allowed access to the OTP.Agency spoof call bot, designed to trick victim account holders into disclosing genuine one-time passcodes for their online accounts. This enabled criminals to bypass multifactor authentication on online banking and telecoms platforms, allowing them to access accounts and complete fraudulent transactions.”

Siddeeque and Vijayanathan promoted the website, provided technical support to hopeful fraudsters, and administered the service’s Telegram channel.

The team would sometimes aim high, charging as much as £380 (470 USD) per month for elite plans “which offered both a bespoke 'free text to speech' service, where criminals could type any message they wanted an automated call to say, and pre-scripted calls […] to target customers.”

Officers recovered scripts pretending to be from BT, Sky, Virgin Media, HMRC, Mastercard and Visa.

‘Bro we are in big trouble’

The NCA’s press release includes a rather embarrassing snippet from the chat between the site’s operators as one realized they’d been caught by eagle eyes in the cybersecurity blogosphere – and soon to be “bagged” by police.

Picari: "bro we are in big trouble"... "U will get me bagged"... Bro delete the chat"

Vijayanathan: "Are you sure"

Picari: "So much evidence in there"

Vijayanathan: "Are you 100% sure"

Picari: "It's so incriminating"..."Take a look and search "fraud"..."Just think of all the evidence"..."that we cba to find"..."in the OTP chat"..."they will find"

Vijayanathan: "Exactly so if we just shut EVERYTHING down"

Picari: "They went to our first ever msg" ...We look incriminating"..."if we shut down"..."I say delete the chat"..."Our chat is Fraud 100%"

Vijayanathan: "Everyone with a brain will tell you stop it here and move on"

Picari: "Just because we close it doesn't mean we didn't do it"..."But deleting our chat"..."Will f*^k their investigations"..."There's nothing fraudulent on the site"

“It is not known how much money the group made from the venture but estimates show it would have been around £90,000 if the 3,000 subscribers purchased the basic plan once, and up to £7.9 million if they opted for the elite package on a weekly basis,” according to the NCA’s estimate.

Mild sentences

All three initially denied knowingly being involved in criminality, but later admitted to the charges at Snaresbrook Crown Court, with Siddeeque being the last to plead guilty, in August 2024.

The trio were charged with conspiracy to make and supply articles for use in fraud, as well as money laundering for Picari, the head of the operation.

Picari has been sentenced to two years and eight months imprisonment, while Vijayanathan and Siddeeque were told they may walk away with 12-month community orders and 200 hours and 160 hours of community service respectively. The two were also ordered to pay costs of £760 each.

Keep scammers at bay

According to the Bitdefender 2024 Consumer Cybersecurity Assessment Report, text-based scams are the most common threat consumers face today. Still, four in five netizens make sensitive transactions on their phones without adequate cybersecurity practices.

Oour study also indicates that people who can’t recognize a scam may have experienced one without knowing. So it’s important to spot the red flags before it’s too late.

Read: Got a Strange Text? 5 Signs That You’re Being Scammed (and How to Protect Yourself)

Consider using Scamio to combat socially engineered attacks on your online accounts – especially your bank account. If you're suspicious of a certain phone call, email or SMS, Scamio provides a fast and efficient way to find out if you’re being conned. Simply describe the situation to our clever chatbot and let it guide you to safety. Share with Scamio the exact thing you want to check: a screenshot, PDF, QR code or link. Scamio lets you know in seconds if it’s a scam.