Security researchers and consumer watchdog groups are sounding the alarm about a disturbing new form of online fraud that specifically targets people who use AI tools like ChatGPT to help them shop. The scheme has a name in cybersecurity circles: AI poisoning — and once you understand how it works, you’ll never blindly trust an AI recommendation again.
AI poisoning is when attackers corrupt what an AI system learns or tells users — by injecting false data into its training process, seeding the web with misleading content that AI tools will cite, or embedding malicious instructions into inputs the AI processes. In simpler terms: criminals are deliberately planting fake websites across the internet so that AI tools like ChatGPT pick them up and recommend them as legitimate sources. Huntress
Cybersecurity researcher Bruce Schneier demonstrated in February 2026 that a single fabricated article on a personal website was enough to get Google AI Overviews and ChatGPT repeating invented information as fact within 24 hours — no technical access required. That’s how fast these AI systems absorb bad information from the web — and how easy it is for scammers to exploit that process. Huntress
The Fake Store Playbook: How Scammers Build Convincing Traps
The mechanics of this scam are surprisingly methodical. Fraudsters create fake websites that mimic real retailers, design them to slip into AI-generated search results, and then fool shoppers who naturally trust AI recommendations. They often offer huge discounts — up to 80% off sought-after products — to make the fake deals look irresistible. Artiverse
One particularly well-documented case involves the British footwear brand Russell & Bromley. When the scam-checking service Ask Silver asked ChatGPT about popular Russell & Bromley purses and bags, the AI provided product details and pricing — but two fraudulent Russell & Bromley sites were also included among its cited sources. NewsBytes
What made this especially effective? The brand had recently gone through a major corporate change. Russell & Bromley entered administration in early 2026 and was absorbed by the retailer Next, which meant the original official website no longer existed — leaving a very convincing vacuum that scammers rushed to fill with copycat domains.
The fake site names were crafted to sound official: domains like therussellbromleyofficial, russellandbromleylondon, and russell-and-bromley all appeared legitimate at first glance. The sites featured professional layouts, detailed product listings, and steep sale prices designed to trigger quick purchases before the shopper had time to think twice.
Why This Is Bigger Than One Brand
It would be easy to read this as a story about one retailer and move on. But the Russell & Bromley case is just the most visible example of a much wider problem.
Research shows that poisoned content has penetrated multiple AI ecosystems — not just ChatGPT. Claude, Perplexity, and other large language models have all shown signs of pulling from contaminated web sources, creating a broad, cross-platform contamination effect that affects AI search broadly. Aurascape, Inc.
Scammers are now using AI tools to craft personalized messages that reference real details about their targets, to write convincing customer-service impersonations, to generate fake invoices and contracts that pass surface-level inspection, and to create entire fake websites with natural-sounding copy. CA Privacy Watch
The fraud landscape has fundamentally shifted. What used to be a problem of bad grammar and suspicious email addresses has evolved into near-perfect digital counterfeiting — powered, ironically, by the same AI technology consumers are turning to for help.
IBM’s 2026 X-Force Threat Intelligence Index found over 300,000 ChatGPT credential sets advertised on dark web markets, harvested by commodity infostealer malware — a stark measure of just how much criminal infrastructure has grown up around exploiting AI trust. All About Cookies
🔴 Real-World Impact: Who Gets Hurt?
The people most at risk are everyday shoppers who have started using AI assistants as a replacement for traditional search engines. That shift in behavior — from Googling “best handbags under $200” to asking ChatGPT directly — is exactly what scammers are counting on.
Consumers are being hurt in two specific ways:
Financial loss. When a shopper pays through a cloned site, the money goes directly to the fraudster. Most of these sites accept only bank transfer payments or less-reversible payment methods, making chargebacks difficult or impossible.
Data theft. Beyond the immediate purchase, handing over credit card numbers, addresses, and account details to a fake site opens the door to identity theft and ongoing financial fraud.
Louise Baxter, head of scams at National Trading Standards in the UK, put it plainly: criminals are adapting to new technology just as fast as consumers are adopting it. The fact that scam websites can surface inside AI-generated results isn’t a glitch — it’s a deliberately engineered attack vector.
How to Protect Yourself Right Now
The good news is that once you know what to look for, these scams are avoidable. Here’s what every online shopper should know before clicking any AI-recommended link:
Go directly to brand websites. Rather than clicking sources in a ChatGPT or Gemini response, type the retailer’s name directly into your browser or search for it on Google with brand-specific terms. If a major brand has been acquired (like Russell & Bromley moving to Next), verify that through a quick independent search first.
Watch the web address carefully. Cloned shopping sites often use domain names packed with extra words like “official,” “deals,” “online,” or location qualifiers (like “uk” or “london”) that the real brand wouldn’t use. Legitimate UK retailer sites typically use .co.uk or clean .com domains. Artiverse
Never pay by bank transfer. Fraudulent sites frequently insist on bank transfer as the only payment method — an immediate red flag that the “store” has no intention of sending you anything. Legitimate retailers offer credit cards or established payment processors. Artiverse
Be skeptical of massive discounts. An 80% sale on a premium brand you trust is almost certainly too good to be true. Scammers use deep discounts to rush shoppers into purchasing before they think critically.
Report suspected fraud. If you’ve already entered financial details on a suspicious site, contact your bank immediately and file a report through your country’s consumer fraud reporting system (in the U.S., that’s the FTC at reportfraud.ftc.gov).
Use scam-checking tools. Services like Ask Silver and Norton Genie — which launched directly inside ChatGPT in March 2026 to deliver real-time scam checks without leaving your AI conversation — give shoppers a way to verify sites before committing money. finviz
What OpenAI and Retailers Are Doing About It
OpenAI has acknowledged the problem. After the Russell & Bromley fake sites were flagged, a company spokesperson confirmed that the fraudulent websites had been removed from ChatGPT’s search index and that users can report policy-violating sites through an official reporting form.
The retailer Dunelm, another brand whose name was cloned in these scam operations, issued a public reminder urging customers to use only its official website or verified app — and confirmed it actively works to remove fraudulent sites whenever they’re identified.
Next, which now owns Russell & Bromley, confirmed awareness of the situation and said it has been actively working with relevant parties to shut down the impersonation domains.
These are reactive fixes, though. The deeper challenge — preventing scammers from seeding AI search indexes with poisoned content in the first place — is an ongoing problem that no single company has solved yet.
What This Means for the Future of AI Shopping
This story points to a genuinely important tension in how AI tools are being used in 2026. Consumers have been trained to trust AI recommendations as curated, intelligent outputs — a step up from raw search results. But AI tools are only as trustworthy as the web content they pull from, and that web is actively being manipulated by people who profit from that trust.
Victims often have no way to know an AI system produced the message or recommendation they acted on. There’s no visible watermark, no digital signature saying “machine-generated.” A person reads a recommendation, finds it credible, and acts on it. CA Privacy Watch
The solution is a combination of better AI filtering (which companies like OpenAI are working on), consumer awareness (which articles like this aim to build), and independent verification habits that shoppers need to develop. Treating AI output the same way a smart person treats any unfamiliar source — with curiosity and a healthy dose of skepticism — is the most protective instinct you can cultivate right now.
🔗 Useful External Resources
- FTC Online Shopping Scam Reporting — Report fraud directly to the Federal Trade Commission
- Norton Genie Scam Detector — AI-powered scam checking tool
- Huntress: What Is AI Poisoning? — Deep dive into how AI poisoning attacks work
- Malwarebytes: Fake ChatGPT Sites — Technical breakdown of fake AI download sites
❓ FAQ
Q1: Can ChatGPT really recommend fake shopping websites? Yes — and it’s already happening. Because ChatGPT’s search feature pulls from live web sources, scammers can plant fake websites that appear credible enough for the AI to include as references. ChatGPT doesn’t verify whether a website is legitimate before citing it, which is exactly the gap these fraudsters are exploiting. OpenAI removes reported sites, but new ones keep appearing.
Q2: How do I know if a website recommended by AI is safe? Never rely solely on an AI recommendation to determine a site is legitimate. Check the domain name carefully (look for extra words or unusual extensions), search for the brand independently, look for established payment options (not just bank transfer), and use tools like Norton Genie or Ask Silver to verify the site before entering any personal or payment information.
Q3: What should I do if I already paid money to a fake website? Act immediately. Contact your bank or card issuer to report the fraudulent transaction and request a chargeback if you paid by credit or debit card. Report the scam to the FTC at reportfraud.ftc.gov. If you shared sensitive personal information like your Social Security number or password, consider placing a fraud alert on your credit file through Equifax, Experian, or TransUnion.
AI Is Powerful — But It’s Not Your Fraud Detector
AI tools like ChatGPT have genuinely changed how millions of Americans shop, research, and make decisions online. That trust is valuable — and that’s precisely why criminals are working so hard to corrupt it.
The AI poisoning scam is a reminder that no technology is a substitute for your own judgment. The most effective thing you can do right now is stay curious, stay skeptical, and never hand over money or personal details based solely on an AI recommendation — no matter how confident and polished that recommendation looks.
Verify first. Click second. That habit could save you hundreds of dollars and a significant amount of stress.