CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

JokerOTP MFA phishing-as-a-service dismantled, third suspect arrested

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

The Netherlands Police arrested a 21-year-old man from Dordrecht for selling access to the JokerOTP phishing automation tool, which intercepts one-time passwords (OTPs) to hijack accounts. The arrest is part of a three-year investigation that led to dismantling the JokerOTP phishing-as-a-service (PhaaS) operation in April 2025. The service caused at least $10 million in financial losses across 28,000 attacks in 13 countries. The seller advertised access via Telegram, allowing cybercriminals to automate calls to victims and capture sensitive data. The tool targeted users of PayPal, Venmo, Coinbase, Amazon, and Apple. The investigation is ongoing, with dozens of buyers identified for prosecution.

Timeline

  1. 11.02.2026 21:14 1 articles · 7h ago

    Third suspect arrested in JokerOTP phishing-as-a-service operation

    The Netherlands Police arrested a 21-year-old man from Dordrecht for selling access to the JokerOTP phishing automation tool. The arrest follows the dismantling of the JokerOTP PhaaS operation in April 2025, which caused at least $10 million in financial losses. The seller advertised access via Telegram, allowing cybercriminals to automate calls to victims and capture sensitive data. The investigation is ongoing, with dozens of buyers identified for prosecution.

    Show sources
    Open in new tab

Information Snippets