Fake Shopping Sites Are Landing in ChatGPT Results: What Social Teams Need to Know

Scammers have found a way to slip fake online stores directly into ChatGPT’s product recommendations, delivering counterfeit storefronts alongside genuine results. The scheme, first spotted by scam-checking service Ask Silver, means anyone asking ChatGPT for a popular handbag or homewares brand could be handed a polished, convincing clone, complete with fake discounts and a domain name that looks right at a glance. For social media managers who rely on AI to source links and ideas, this isn’t just a cybersecurity headline. It’s a new kind of risk that lives where discovery, links, and trust collide.
AI shopping assistants are making it dangerously easy for scammers to slip counterfeit storefronts into the results you trust.
Why It Matters
AI-powered shopping is no longer a novelty. In 2025, nearly one in three US online shoppers had already used a generative AI assistant to discover products, compare prices, or complete a purchase, according to an eMarketer report. Platforms like ChatGPT are absorbing tasks that used to start in a search bar or on a social feed, and users accept the summaries and suggested links as authoritative. That shift creates a direct path for fraudsters: if they can get a malicious link cited inside an AI answer, the assistant effectively vouches for the fake site.
When a social media manager crafts a post, they often pull product links from AI-curated lists, especially during trend-driven moments. A single shared link to a cloned site erodes audience trust instantly, and can trigger chargebacks, customer complaints, and brand-safety flags that hurt organic reach. The problem scales fast. One counterfeit domain can appear in hundreds of AI-generated responses before anyone notices.
What’s New / How It Works
Ask Silver detected cloned versions of British luxury brand Russell & Bromley and home furnishings retailer Dunelm appearing inside ChatGPT’s shopping results. The fakes used near-identical domain constructs, such as therussellbromleyofficial or russellandbromleylondon, and replicated the look and feel of legitimate e-commerce sites. Advertised discounts reached up to 80%, a psychological lever that nudges even cautious shoppers to act quickly.
The scam exploits a real-world gap. Russell & Bromley went into administration in January 2026 and was acquired by Next plc, leaving no official standalone website for the brand. Without a canonical destination, AI models had no definitive source to anchor on. Fraudsters stepped into that vacuum, building sites optimized to appear credible to web scrapers and large language models. The technique echoes data poisoning, a concept well-documented in machine learning security: a 2024 study by Nicholas Carlini and collaborators demonstrated that injecting even a tiny fraction of malicious samples into web-scale training datasets can steer model outputs in dangerous ways. For AI shopping, the poison is a faux product page that looks like the real thing.
Eventually, users who placed orders received nothing, and their payment details were compromised. The sites typically steer buyers toward bank transfers instead of card payments, bypassing the fraud protections built into mainstream payment processors.
The Numbers
- Cloned retail sites detected in ChatGPT shopping results for Russell & Bromley and Dunelm
- Domain spoofing using strings like “therussellbromleyofficial” and “russellandbromleylondon”
- Discounts up to 80% weaponized to bypass consumer skepticism and speed up impulse buys
- No official Russell & Bromley website after the brand entered administration and was absorbed by Next plc
- Bank transfer required, a red flag that refund and chargeback pathways are absent
- Ask Silver flagged the scam after consumers reported undelivered goods and stolen payment information
This isn’t just knockoff SEO; it’s a direct pipeline from a fake domain to a consumer’s wallet, routed through an AI assistant that vouches for it by default.
What Comes Next
ChatGPT’s operator confirmed the flagged sites were removed from its search index and pointed users to a reporting form for suspicious links. Next plc, which now owns the Russell & Bromley brand, said it is actively working to take down fraudulent domains. Dunelm urged customers to stick to its official app and website.
Those actions are reactive, not preventive. The underlying mechanism, AI systems ingesting untrusted web content and presenting it as fact, won’t be fixed by takedowns alone. Experts in the AI safety space argue that search-augmented models need cryptographic trust signals, domain-verification layers, and tighter provenance checks, but those features are still nascent. Meanwhile, scammers are incentivized to keep submitting poisoned pages, knowing that even a short window of visibility can be profitable.
What This Means for You
For social media managers, the lesson is simple: never trust a link just because AI served it. Before you drop a product URL into a post caption, story, or link-in-bio, open it yourself. Look for the real brand’s verified channel: official Instagram, TikTok shop, or pinned website link. If the destination feels too good to be true (80% off, bank transfer only), it is.
Make link hygiene a workflow habit. Use a branded shortener that lets you monitor clicks and swap destinations if something goes wrong; feedsta.ai includes a link shortener (fsta.li) and link-in-bio tools that keep every link under your control. If you manage multiple brands, set up a sweep every week: search your brand name inside an AI assistant and see what’s being recommended. A cloned site could be sitting in the top results right now.
Beyond your own posts, care about how your brand shows up in AI search. You can’t police every fake domain, but you can make your real presence loud and authoritative. A free scan from BizScoreAI reveals your AI Visibility Score across ChatGPT, Gemini, and Perplexity, helping you spot gaps that scammers love to fill. If your official website and social profiles are consistently authoritative, the clones have a harder time masquerading as you.
The Bigger Picture
AI shopping assistants are accelerating how people discover products, but they are inheriting the web’s worst habit: untrustworthy information wrapped in a confident delivery. Social media sits at the front line of that tension. Every link shared by a brand or creator carries an implicit promise that it’s safe. When AI becomes the source of that link, the promise needs to be verified, not assumed. The teams that add a quick verification step and the right monitoring tools will be the ones that keep audience trust intact while the internet figures out how to police its AI-driven mirror world.
FAQ
How did scammers get fake shopping sites into ChatGPT results?
Fraudsters created clone websites that closely mirror real retailers, copying product pages, branding, and domain names with tiny tweaks. These sites are then indexed by web crawlers that feed AI training data. When a user asks ChatGPT for a product, the model may surface the cloned site if it hasn’t learned to distinguish it from a legitimate source, especially if the real brand no longer has an official standalone website.
Are social media links sourced from AI safe to share?
Not automatically. AI-generated recommendations can include malicious or cloned links, and the assistant rarely provides a source-audit trail. A social media manager should manually open every link before posting, check the domain for subtle misspellings, and prefer official app stores or verified brand pages when in doubt.
Which brands were targeted by the AI shopping scam?
The scam initially targeted Russell & Bromley, a luxury footwear brand that no longer operates a standalone site after its acquisition by Next, and homewares retailer Dunelm. Fraudsters exploited the fact that shoppers still search for Russell & Bromley but have no official site to anchor on, making lookalike domains appear more plausible inside AI results.
How can I tell if a shopping link from ChatGPT is fake?
Check the domain carefully: look for extra words, hyphens, or misspellings (e.g., “therussellbromleyofficial” instead of “russellandbromley.com”). Also watch for abnormally steep discounts (80% off), payment methods restricted to bank transfer, missing contact or returns pages, and poor grammar in the site fine print. If an official brand has a verified social profile, cross-check the link against what’s listed there.
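The domain check described above can be scripted for a weekly sweep of links an AI assistant suggests. This is an added example, not code from Ask Silver or this article; the allowlist contents, the constructed `.example` hosts, and the 0.84 similarity threshold are assumptions.

```python
import difflib
import re
from urllib.parse import urlsplit

# Assumed configuration: fill "official" from the brand owner's verified channels.
# Russell & Bromley is left empty because, per the article, no official
# standalone site exists, so any host carrying the name is treated as suspect.
BRANDS = {
    "Russell & Bromley": {"tokens": ["russell", "bromley"], "official": set()},
    "Dunelm": {"tokens": ["dunelm"], "official": {"dunelm.com"}},
}

def hostname(url):
    """Lower-cased host of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def is_official(host, official):
    """True only for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in official)

def token_hit(host, token):
    """Brand word embedded in the host, or a near-miss spelling of one host word."""
    if token in host.replace("-", "").replace(".", ""):
        return True
    words = [w for w in re.split(r"[^a-z0-9]+", host) if w]
    return any(difflib.SequenceMatcher(None, w, token).ratio() >= 0.84 for w in words)

def classify(url):
    """Return (verdict, brand); verdict is 'official', 'lookalike' or 'unrelated'."""
    host = hostname(url)
    for brand, cfg in BRANDS.items():
        if is_official(host, cfg["official"]):
            return "official", brand
    for brand, cfg in BRANDS.items():
        if all(token_hit(host, t) for t in cfg["tokens"]):
            return "lookalike", brand
    return "unrelated", None

# Constructed sample links; the first uses a spoofing string quoted in the article.
SAMPLE_LINKS = [
    "https://therussellbromleyofficial.example/sale",
    "https://www.dunelm.com/category/bedding",
    "https://dunelm.com.shop-deals.example/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(classify(link), link)
```

The suffix match in `is_official` is what catches hosts that merely begin with an official domain. A "lookalike" verdict is a prompt for manual review, not proof of fraud.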
What should social media teams do to protect their brands from AI shopping scams?
Assert your official domains across all major platforms and keep your link-in-bio fresh. Audit AI search results for your brand name weekly. Use monitoring tools or even manual ChatGPT queries to see what links appear. Report fraudulent domains to the platform’s reporting tools and to the AI provider. Also, enroll in a link-shortening service that gives you analytics; sudden traffic to unknown URLs may reveal a cloned site that’s spreading.
Did ChatGPT remove the fake shopping sites?
ChatGPT’s operator confirmed that the identified fraudulent websites were removed from its search index. The company also provides a reporting form that users can fill out to flag suspicious sites. Takedowns, however, are reactive; new clones can appear quickly, so ongoing vigilance is essential.
Why did Russell & Bromley not have an official website?
Russell & Bromley entered administration in January 2026. Its brand and assets were acquired by Next plc, which absorbed the label and moved sales into other channels. The official standalone website was taken down as part of that transition, leaving a vacuum that scammers used to build lookalike sites that appeared authentic to AI crawlers.