Sometimes fake web sites can be "better" than their originals. As reported this week, the Victoria's Secret web site has been duplicated in a very convincing copy. So good in fact, Google ranks it higher when searching for "Victoria Secret UK".
The possibly fake website is quite convincing, allows payment in five currencies, and cheekily has the "Verisign Secured" and "McAfee Secure" logos on the product pages. If this is a fake site, the motive could be to gather personal data through the registration process, or to steal cardholder data via the payment form using "ZHBPay Payment Gateway", or to sell counterfeit goods. Of course, it might be a valid site of a local agent or reseller, but the product ranges seem different. The conditions of use page is quite poorly written. It's a bit odd.
The real primary Victoria's Secret website, aimed at North American customers is:
But there is a real UK-orientated splash page at the .co.uk equivalent domain (whois lookup):
The possibly fake site is (whois lookup):
A quick check on common factors used to improve search engine rankings suggest that the primary .com website has some problems, the fake site has some more. But what differentiates it here is that the fake site is better for the term "uk" than the real splash page.
The victoriassecrettuk.co.uk domain name was registered by an individual:
Another site, found searching for "victorias secret uk" gives a site www.thegrapescafebar.co.uk as the first result which redirects to the fake site above.
What's even more confusing is that the UK customer care email address uses yet another domain (firstname.lastname@example.org) and www.victoriassecret.uk.com redirects to the UK splash page (on www.victoriassecret.co.uk).
Domain name fail, and search engine optimisation (SEO) fail. Attacker win. The suspicious site is still there, three days after that initial report. I have emailed the real company just in case they are still not aware.