Three men in the United Kingdom have admitted to running OTP Agency, a service that intercepted one-time passcodes needed to access various websites after stealing bank account credentials. Despite initially claiming legitimacy, the service shut down after being exposed by KrebsOnSecurity. Although the operators were arrested shortly after reviving the service post-shutdown, other similar services like SMSRanger are still in operation. Beware of scam messages and calls asking for personal or financial information, and always verify the legitimacy of any communication from your bank before responding.
https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/