Back to Headlines
Tech
Jun 07, 2026
Analyzed by GPT OSS 120B

ChatGPT’s ‘Poisoned’ AI: Scammers Exploit Fake Retail Sites

AI Summary
Scammers are using cloned retailer sites that appear in ChatGPT search results to steal money and harvest bank details. The fraud exploits the recent disappearance of the official Russell & Bromley website and has prompted OpenAI and regulators to act.

The Scam Unfolds: How ChatGPT Leads Shoppers to Fraudulent Retail Sites

Consumers asking ChatGPT for product recommendations are being directed to counterfeit versions of well‑known retailers such as Russell & Bromley and Dunelm. The AI returns price‑listed options, links to sites that look official, and users complete purchases that never arrive, while their bank details are harvested.

Financial Toll and Scale of the Fraud

  • Fake sites advertise discounts of up to 80%, a classic lure for victims.
  • Payments are typically requested via bank transfer, a red flag that many users overlook.
  • Ask Silver identified multiple cloned domains (e.g., therussellbromleyofficial, russellandbromleylondon) that mimic legitimate URLs.

Implications for AI Trust and Consumer Safety

National Trading Standards warns that AI‑generated recommendations are not a guarantee of legitimacy. The incident highlights a new attack vector: “poisoned” large language models that surface malicious content because the underlying training data includes fraudulent webpages.

Current Mitigation Efforts by Platforms and Regulators

  • OpenAI has removed the identified fraudulent URLs from its search index and provides a reporting form for policy violations.
  • Next, the owner of the former Russell & Bromley brand, is actively working to shut down the cloned sites.
  • Consumers are advised to verify URLs (look for .co.uk or .com), avoid extra words like “official” or “deals,” and report incidents to banks and the UK Report Fraud service.

Looking Ahead: Safeguarding AI‑Driven Commerce

As AI assistants become a primary shopping aide, continuous monitoring of training data and rapid removal of malicious sources will be essential. Industry bodies may introduce stricter verification standards for AI‑generated links, and retailers are likely to adopt dedicated AI‑safe browsing tools to protect customers.