JokerOTP Dismantled After 28,000 Phishing Attacks, 2 Arrested

Two individuals have been arrested in a joint international operation dismantling JokerOTP, a sophisticated phishing tool used to intercept 2FA codes and steal over £7.5 million. Learn how this scam worked, the charges involved, and the ongoing efforts to combat this cybercrime network.
In a coordinated effort, law enforcement agencies have busted a large-scale cyber fraud operation, leading to the arrest of a 24-year-old man in Middlesbrough, England, on Tuesday, April 22nd. Simultaneously, a 30-year-old man was arrested by Dutch authorities in Oost-Brabant, the Netherlands. These arrests are the result of a three-year probe led by the Cyber Crime Unit of Cleveland Police in the UK and are connected to the dismantling of a phishing tool known as JokerOTP.
As per the Cleveland Police’s press release, Joker OTP was allegedly designed to deceive individuals into revealing crucial authentication codes and other private information. This stolen data was then used to carry out fraudulent transactions on victims’ bank accounts.
Reportedly, this tool was used over 28,000 times across at least 13 different countries over two years, resulting in estimated financial losses totalling £7.5 million. The individuals arrested in connection with this operation used the aliases “spit” and “defone123” for their online operations.
Using this tool, fraudsters make phone calls to victims, impersonating representatives from trusted organizations such as banks or cryptocurrency exchanges, for example Coinbase. Victims are deceived into providing a one-time password or 2FA code they have just received, which allows the fraudsters to bypass security measures and gain unauthorized access to the victim’s accounts.

Detective Sergeant Kevin Carter of Cleveland Police’s Cyber Crime Unit emphasized the scale of the investigation, calling it one of the largest cases of computer misuse and fraud the force has ever handled. He highlighted the extensive collaboration with various law enforcement bodies over the three-year investigation to understand the scope of the criminal activity, identify the affected victims, and pinpoint the individuals involved.
The Dutch National Police also played a crucial role, joining the investigation in 2024 and providing essential support and expertise vital for the successful disruption of the suspected criminal network.
The individuals face serious charges including supplying articles for use in fraud, conspiracy to supply articles for use in fraud, fraud by false representation, unauthorised access to computer material, money laundering, and blackmail.
Authorities have also initiated the process of dismantling the online infrastructure supporting the fraudulent platform. This involves working with hosting companies to shut down the Joker OTP bot platform, a move described as the initial step in taking action against the broader network of individuals involved.
The investigation has been a collaborative effort, receiving support from the North East Regional Organised Crime Unit (NEROCU), the National Crime Agency (NCA), and Europol, in addition to the Dutch National Police. Detective Sergeant Carter assured users of the Joker OTP platform that their activities have been monitored and that further action from law enforcement is anticipated.
HackRead