ChatGPT Search Results Link to Fake Shopping Sites, Scammers Exploit AI

Criminals have found a new attack vector for online shopping fraud: manipulating AI chatbot search results to promote fake retail websites that harvest payment information from unsuspecting buyers.

Ask Silver, a scam-checking service, has identified fraudulent websites impersonating retailers Russell & Bromley and Dunelm appearing in ChatGPT search results. The scam works by creating convincing clones of legitimate shopping sites, complete with product listings, prices, and branding that fool consumers into believing they're purchasing from trusted retailers.

How the scam works

When users ask ChatGPT for shopping recommendations—such as "What are popular Russell & Bromley purses and bags?"—the AI assistant generates detailed responses with product names, prices, and trend information. Among the sources cited are fraudulent websites designed to look authentic.

The fake sites use domain names similar to legitimate retailers, such as therussellbromleyofficial, russellandbromleylondon, and russellbromleyonlineuk. They typically advertise steep discounts of up to 80 percent to lure buyers. Once a purchase is made, the money disappears and no product arrives.

Anna Jones of Ask Silver suggests the large language model powering ChatGPT may have been "poisoned"—a technique where malicious content is deliberately inserted into the data AI systems learn from. Scammers appear to be exploiting the fact that Russell & Bromley entered administration in January 2026 and was absorbed by Next, leaving no standalone official website but plenty of consumer search demand.

Why it matters

This represents a significant evolution in online fraud tactics. As consumers increasingly rely on AI tools for shopping recommendations and product research, fraudsters are adapting their methods to exploit trust in these systems. The incident highlights a critical vulnerability: AI-generated results can surface malicious content just as easily as legitimate information, and users may assume chatbot recommendations carry implicit verification they don't actually provide.

For businesses, the threat extends beyond direct financial losses. Brand impersonation through AI-surfaced fake sites can damage customer trust and reputation, even when the legitimate company has no connection to the fraud.

Protection measures

Louise Baxter, head of the scams team at National Trading Standards, emphasized that consumers should never assume a website is genuine simply because an AI tool recommended it.

Security experts recommend several precautions when shopping online: verify website addresses carefully, watching for legitimate domain extensions like .co.uk or .com rather than suspicious additions like "official" or "deals" in the URL. Be wary of sites offering unusually large discounts or accepting only bank transfers for payment. When possible, navigate directly to retailer websites rather than following links from any source, including AI chatbots.

Anyone who has provided financial details to a suspected fraudulent site should immediately report the incident to their bank and national fraud reporting authorities.

ChatGPT's parent company confirmed it has removed the identified fraudulent websites from its search index and provides a reporting mechanism for users who encounter sites violating its policies. Next, which acquired Russell & Bromley, stated it is working to have the fake sites shut down.

The Guardian first reported these details.