This session will discuss crimeware-as-a-service utilized by threat actors, with a focus on SMS-based one-time password (OTP) bots. OTP Bots streamline the process for hackers to trick victims into giving up their multi-factor authentication codes or OTPs for various online services, such as financial institutions or retail platforms. Various methods of bypass and continuing problems that OTP Bots are causing to fintech will be covered.