MoMusings

Random ramblings and musings about all things malware and related net-nasties...

Monday, 2 April 2007

A Police Website Line-up - The Verdict

As promised, [finally] here is my posting with the verdict on which one of the following suspects in my Metropolitan Police website line-up is the real one, and more importantly which is the fake one. I will also reveal what the fake one was set up for, and by whom.

Just to refresh your memory, I originally asked:
"Do you think you can tell the difference between a real website and a copy which is a fake? Yes? Well, let's see how good you are, here's a test for you. Which of the following screenshots is from the real Metropolitan Police Service web site, and which is the fake?"

[Mug-shot 1]

A larger version of this screen-shot can be found here.

OR

[Mug-shot 2]

A larger version of this screen-shot can be found here.

I did get some responses, and those that did respond got it right!

Oh, you want the answer? OK, here's your starter for 10:

The real Metropolitan Police Service web site was 'Mug-shot 2', and the fake must be, by a process of elimination, 'Mug-shot 1'. I did leave one obvious clue to help you; did you spot it?

Take another look at the 'McAfee Site Advisor' indicator in the status bar at the foot of the browser window: the real Met site shows as 'Green', which means it has been tested and is probably the real thing, whereas the fake site shows as 'Grey', which means it hasn't been tested yet and should probably be treated as suspicious, for now.

Other clues that give the fake away include:

The two e-mail addresses and the domain name used, as in:
  • new.scotland.yard@metpoliceuk-gov.com

  • clarence.c.vernon@metpoliceuk-gov.com

And

The telephone and fax numbers given:
  • Call us +442071936470 (24 hour switchboard)

  • Fax us +448717200341

Why include an international dialling prefix, when the police force is only responsible for the London Metropolitan area? Bit of a giveaway!

Let's dig a bit deeper now; starting with the Whois record for the fake domain:
Domain Name: METPOLICEUK-GOV.COM
Name Server: NS.PIPNI.CZ
Name Server: NS2.PIPNI.CZ
Status: clientTransferProhibited
Updated Date: 13-mar-2007
Creation Date: 05-mar-2007
Expiration Date: 05-mar-2008

Name servers in the Czech Republic for a UK police force? I think not. And the domain was only created on the 5th of March 2007.

And here are the registrant details, which are probably spoofed.
Registrant:
Jennfier Mcsorley
74 Jermyn St
London, LONDON SW1Y6NP
Great Britain
( )442079305321
sn.tosin@yahoo.com

Of course, it must be real; the London Metropolitan Police all use free web mail services, such as Yahoo, don't they? ;-)
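As an added illustration (not part of the original post), here is a small Python routine that turns the Whois clues above into a repeatable check: it parses a record like the one quoted and flags a 'gov' label sitting outside the genuine .gov.uk suffix, a registration only weeks old, name servers under a foreign country-code TLD, and a registrant contact on a free webmail service. The free-webmail list and the 90-day threshold are assumptions, and the sample record is an abridged copy of the one shown above.

```python
import re
from datetime import date, datetime

# Constructed sample: an abridged copy of the whois record quoted in the post above.
WHOIS_SAMPLE = """\
Domain Name: METPOLICEUK-GOV.COM
Name Server: NS.PIPNI.CZ
Name Server: NS2.PIPNI.CZ
Creation Date: 05-mar-2007
Registrant:
sn.tosin@yahoo.com
"""
SEEN_ON = date(2007, 4, 2)  # the date of this post
FREEMAIL = {"yahoo.com", "hotmail.com", "gmail.com"}  # assumed list, not exhaustive
GOV_TOKEN = re.compile(r"(^|[-.])gov([-.]|$)")  # "gov" used as, or inside, a label

def parse_whois(text):
    """Pull the fields the checks below need out of a plain-text whois record."""
    rec = {"name_servers": [], "emails": []}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().lower()
        if key == "Domain Name":
            rec["domain"] = value
        elif key == "Name Server":
            rec["name_servers"].append(value)
        elif key == "Creation Date":
            rec["created"] = datetime.strptime(value, "%d-%b-%Y").date()
        elif "@" in line:
            rec["emails"].append(line.strip().lower())
    return rec

def assess(rec, seen_on, claimed_cc="uk"):
    """Return the red flags for a record, given when the site was seen and the
    country code of the public body it claims to belong to."""
    flags = []
    # "gov" appears inside a .com name instead of under the genuine .gov.<cc> suffix
    if GOV_TOKEN.search(rec["domain"]) and not rec["domain"].endswith(".gov." + claimed_cc):
        flags.append("gov-lookalike")
    if (seen_on - rec["created"]).days < 90:  # registered within the last three months
        flags.append("recently-registered")
    # name servers whose country-code TLD does not match the claimed country
    ns_cc = {ns.rsplit(".", 1)[-1] for ns in rec["name_servers"]}
    if ns_cc and claimed_cc not in ns_cc:
        flags.append("foreign-nameservers:" + ",".join(sorted(ns_cc)))
    # registrant contact on a free webmail service
    if any(e.rsplit("@", 1)[-1] in FREEMAIL for e in rec["emails"]):
        flags.append("freemail-registrant")
    return flags
```

Running `assess(parse_whois(WHOIS_SAMPLE), SEEN_ON)` raises all four flags for the fake domain; a genuine .gov.uk name with UK name servers and an old registration date raises none.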

OK, enough detective work for now. But we still need to know the purpose behind setting up such a site; here are some suggestions. Which one[s] seem most likely to you?
  1. Nigerian (aka 419) scammers?

  2. Terrorists?

  3. Phishing scammers?

  4. Other Organised criminal gang?

The answer, according to The Register is:
"Nigerian scammers have launched a fake London Metropolitan Police website, which includes a fake anti-terrorist hotline number.

According to anti-advance fee fraud organisation Ultrascan Advanced Global Investigations, the scam refers victims to an "official" website that sells so-called "anti-terrorist certificates" which are needed to secure payments from abroad. In the past, fraudulent Anti-Terrorist Stop Order letters were purportedly issued by the Financial Crimes Enforcement Network (FinCEN)."

The full article from the Register can be found here.

So now you know the which, the why, the when and the how of the crime... Book 'em Danno!

Up for another challenge some time?
