Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords.
Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in to various websites. Scammers who had already stolen someone's bank account credentials could enter the target’s phone number and name, and the service would initiate an automated phone call to the target that warned them about unauthorized activity on their account.
The call would prompt the target to enter a one-time passcode generated by their phone’s mobile app, and the code was then relayed to the scammer’s user panel at the OTP Agency website.
The story I just published includes a hilarious chat conversation between two of the proprietors immediately after I profiled them in a Feb. 2021 story. They deleted their Telegram channel because "our chat is Fraud 100%", but issued a statement calling my story libelous and that they were a legit anti-fraud company. Idiots then went on to rebuild the site at the same address, and were arrested less than a month later.
Picari said: bro we are in big trouble… U will get me bagged… Bro delete the chat
Vijayanathan: Are you sure
Picari: So much evidence in there
Vijayanathan: Are you 100% sure
Picari: It’s so incriminating...Take a look and search 'fraud'...Just think of all the evidence...that we cba to find...in the OTP chat...they will find
Vijayanathan: Exactly so if we just shut EVERYTHING down
Picari: They went to our first ever msg...We look incriminating...if we shut down...I say delete the chat...Our chat is Fraud 100%
Vijayanathan : Everyone with a brain will tell you stop it here and move on
Picari: Just because we close it doesn’t mean we didn’t do it...But deleting our chat...Will f*^k their investigations...There’s nothing fraudulent on the site
Story: https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/
Video of how OTP Agency worked: https://www.youtube.com/watch?v=45GsKWyF63U
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.