[tdeck]

Much of this sounds like a standard phish kit. Unfortunately I don't think the police can do much. Often you can actually find the perpetrator's info, but they're in Nigeria where nobody cares.

First of all, I'd report the site to Google Safe Browsing and to PhishTank: https://safebrowsing.google.com/safebrowsing/report_phish/?h... https://www.phishtank.com/

Once Chrome starts blocking the site, that will stop the bleeding. The contact the host and domain registrar, if possible. If the phish kit is piggybacking on a WordPress site (very common), find the person who owns that site and message them if you can.

[zefman]

Yeah whoever set this up knows very little about the web and has obviously purchased this. They have made a number of mistakes including not withholding their domain registration info! So the police actually have a name and address in the UK. Whether that is a decoy or not remains to be seen, but given the other mistakes that have been made I wouldn't be surprised if it was the attacker.

The site has already been reported to netcraft and is now showing as dangerous in chrome. Unfortunately this doesn't appear to show on mobiles, where most of the of the victims are falling for the scam.