- MS “월 200달러 챗GPT 고급 AI 기능, 윈도우 사용자에 무료 제공”
- 애널리스트들이 바라본 '트럼프의 100% 관세 위협'
- Explaining DeepSeek: The AI Disruptor That’s Raising Red Flags for Privacy and Security | McAfee Blog
- Revolutionizing data management: Trends driving security, scalability, and governance in 2025
- Microsoft AI investments cause cloud operating income growth to plunge
British Vishing-as-a-Service Trio Sentenced
Three men have been sentenced in a London court, after pleading guilty to operating a sophisticated scheme that helped fraudsters login to victims’ bank and telecoms accounts.
Callum Picari, 23, from Hornchurch, Vijayasidhurshan Vijayanathan, 21, from Aylesbury, and Aza Siddeeque, 19, from Milton Keynes, had pleaded guilty last year to “conspiracy to make and supply articles for use in fraud.” Picari also pleaded guilty to money laundering, according to the National Crime Agency (NCA).
At Snaresbrook Crown Court yesterday, Picari was sentenced to two years and eight months imprisonment, while Vijayanathan and Siddeeque were both given 12-month community orders and ordered to pay costs of £760 each. They will also have to undertake 200 hours and 160 hours of community service respectively.
The three ran a site called www.OTP.Agency which charged a monthly subscription fee to fraudsters keen to hijack victims’ accounts by bypassing multi-factor authentication (MFA).
Read more on vishing: European Police Take Down $9m Vishing Gang
A basic package of £30 a week provided access to a “call bot” designed to trick victim account holders into disclosing genuine one-time passcodes (OTPs), the NCA said.
For £380 per month, fraudsters could access a text-to-speech service, enabling them to personalize the automated OTP calls, as well as pre-scripted calls designed by Picari, Vijayasidhurshan and Siddeeque.
Investigating officers apparently found scripts for use by fraudsters masquerading as representatives of BT, Sky, Virgin Media, HMRC, Mastercard and Visa.
The NCA estimated that around 12,500 victims were targeted with more than 65,000 of these calls between September 2019 and March 2021, when the site was shuttered after the trio were arrested.
It’s still unclear how much they made from their 3000 subscribers. The NCA said it would have been around £90,000 if these fraudsters purchased the basic plan, but up to £7.9m if they chose the elite package on a weekly basis.
Picari was described by the agency as the “owner, developer and main beneficiary” of the vishing-as-a-service platform. Siddeeque is said to have promoted the site and provided technical support on Telegram in exchange for unlimited use of the website to commit fraud.
Vijayanathan also promoted the website, and helped with administration, according to the NCA.
OTPs are now widely regarded as the least secure form of MFA. As far back as 2022, off-the-shelf MFA bypass kits were used to send millions of phishing messages, according to Proofpoint.
