Cybersecurity experts have raised concerns after fake retail websites were found appearing in ChatGPT search results, potentially exposing online shoppers to fraud and financial theft.

The warning comes after scam-checking service Ask Silver discovered cloned websites impersonating well-known retailers, including Russell & Bromley and Dunelm, being surfaced as sources in responses generated by ChatGPT.

How the scam works

According to researchers, users searching for products through AI-powered tools may unknowingly be directed to fraudulent websites that closely resemble legitimate retailer platforms.

In one example, users asking for popular bags from Russell & Bromley were shown links to fake websites offering steep discounts of up to 80 per cent. These websites appeared convincing but were allegedly designed to collect payments and harvest banking information.

Experts believe scammers may be exploiting outdated or misleading information online. Since Russell & Bromley was acquired by Next earlier this year and no longer operates its original website, fraudsters appear to be taking advantage of customers still searching for the brand independently.

Experts urge caution

Consumer protection officials have warned that AI-generated recommendations should not automatically be considered trustworthy.

Louise Baxter, head of the scams team at National Trading Standards, said fraudsters are adapting quickly to emerging technologies and using them to reach potential victims.

Cybersecurity specialists also warned about the possibility of AI systems being influenced by malicious content published online, allowing fake websites to gain visibility.

How shoppers can stay safe

Experts advise consumers to visit retailers directly through their official websites or mobile applications rather than relying solely on AI-generated links.

Shoppers should be cautious of websites offering unusually large discounts, demanding bank transfers, or using suspicious domain names containing words such as “official” or “deals”.

If financial information has been shared with a fraudulent website, consumers are advised to contact their bank immediately and report the incident to relevant fraud authorities.

Following the discovery, OpenAI said the fraudulent websites had been removed from ChatGPT’s search index, while retailers affected by the scam are working to shut down the fake domains.