Scammers have found a new way to reach online shoppers by embedding fake retail websites directly into ChatGPT's search results. The scam-checking service Ask Silver discovered that the AI chatbot included links to cloned versions of Russell & Bromley and Dunelm, two well-known retailers, in its shopping responses.

How the Scam Works

Fraudsters create convincing replicas of legitimate e-commerce sites. These clones mimic the branding, design and product listings of trusted stores. By manipulating search optimization techniques, they get these fake pages indexed by search engines and then surfaced by AI tools like ChatGPT. When a user asks for product recommendations or shopping links, the AI may pull from commercial databases or indexed web pages without verifying authenticity.

Ask Silver reported that the fake sites appeared in ChatGPT's answers alongside real results. This creates a dangerous mix where users cannot easily distinguish between genuine and fraudulent links. The phishing sites often aim to steal credit card information or deliver malware.

Who Is at Risk

Shoppers looking for specific brands or seasonal deals face the highest risk. The scam targets those who trust AI-generated answers as a reliable shortcut. Russell & Bromley customers seeking footwear and Dunelm shoppers looking for home furnishings may see these deceptive links in their ChatGPT responses. Anyone using the chatbot for product discovery is vulnerable.

A Growing Threat to AI Reliability

This incident reflects a broader trend: bad actors are exploiting the integration of AI into search and shopping. As chatbots become gateways to e-commerce, the incentive to poison those results increases. The rise of AI-generated content has already blurred the line between authentic and fabricated information. Now that line extends to commercial transactions.

Platforms like OpenAI rely on third-party data sources and web crawls. If those sources contain malicious entries, the AI unintentionally becomes a distribution channel for scams. This forces companies to invest in stricter vetting of indexed content and real-time verification of shopping links.

Why This Matters

Consumers who rely on AI for quick purchasing decisions may unknowingly hand over personal data to criminals. The financial loss extends beyond stolen money to identity theft and compromised devices. For businesses, brand reputation suffers when customers blame them for copycat sites. The incident also erodes trust in AI tools, which depend on user confidence to remain viable. Regulators may push for clearer accountability standards as AI-driven shopping expands.

Shoppers should verify URLs by visiting official brand websites directly rather than relying on AI-generated links. Security experts recommend using bookmarks and enabling multi-factor authentication on retail accounts. Until platforms tighten their safeguards, skepticism remains the best defense.