A scam-checking service has found cloned websites impersonating established retail brands being surfaced directly inside ChatGPT’s shopping recommendations, raising fresh questions about how far AI-generated results can be trusted when money changes hands.

Retailgazette reported that Ask Silver identified fraudulent sites mimicking both Russell & Bromley and Dunelm appearing as sources when users queried the AI tool for product guidance.

AI Scams Reach Beyond Retail into Every Money-Handling Platform

Zlatan Vukić, an iGaming compliance manager with around eight years of experience watching regulated online betting markets, recognises the pattern immediately.

The LLM-poisoning mechanism described by Ask Silver’s Anna Jones, where fraudsters insert malicious content into the information pools AI systems draw from through cloned web pages, is not a retail-only problem. Neither is the lookalike-domain playbook.

Vukić notes that the same fake-domain construction found in the Russell & Bromley case, names built from strings like therussellbromleyofficial or russellandbromleylondon, appears in the betting space too. A Croatian sports-bettor who receives a site recommendation from an AI tool needs to confirm that what they are looking at is the real, licensed CroatiaSport rather than a lookalike constructed on a nearly identical domain. The URL check, the HTTPS verification, and the licensing confirmation the article describes for retail purchases are precisely the same steps that apply there.

“This pattern doesn’t stay in one industry. Any brand that handles money is a viable target, and the fix is always the same — go directly to the source, check the domain character by character, and verify the licence before you hand over anything.”

How Fraudsters Poison AI Results and Build Convincing Lookalike Domains

The mechanism behind these scams involves what Anna Jones of Ask Silver described as LLM poisoning. Fraudsters create cloned web pages and insert them into the broader pool of online content that large language models may draw on when generating responses. Because ChatGPT does not always retrieve information from a single verified source, malicious pages can work their way into the outputs a user receives.

The domain-naming approach compounds the problem. Fake addresses identified in this case included therussellbromleyofficial, russellandbromleylondon, russellbromleyonlineuk, and russell-and-bromley. Each is close enough to the genuine brand name to pass a casual glance.

Once a user lands on one of these sites, a second signal typically appears: discounts of up to 80%, which Ask Silver flagged as a common warning sign in online shopping fraud. Steep price cuts are designed to override hesitation, and they frequently do.

Russell & Bromley’s Brand Collapse Created a Ready-Made Opening for Scammers

The Russell & Bromley case carries a specific backstory that made it particularly attractive to fraudsters. The footwear retailer entered administration and ceased trading following the appointment of administrators on 21 January 2026, before being acquired by Next that same month. Brand confusion followed almost immediately. Shoppers who had not heard the news were still likely to search for Russell & Bromley directly, and scammers moved to fill that gap.

In one test, Ask Silver asked ChatGPT for popular Russell & Bromley purses and bags. The AI returned product suggestions, prices, and links. Some of those links directed users to fraudulent websites built to look like the retailer’s official site. Anna Jones said scammers appeared to be deliberately exploiting the confusion around the brand’s collapse and its transfer to Next, targeting shoppers who had not registered that the original business was gone.

Brands and Authorities Issue Warnings as OpenAI Removes Flagged URLs

The response from those named in the findings was swift, if varied in its scope. Dunelm told customers they should use only its official website or app, and that when it becomes aware of a fraudulent site it works to have it removed as quickly as possible. Next said it was aware of the situation and had been working to have the fake sites taken down. OpenAI said it had removed the fraudulent websites from its search index.

National Trading Standards head of scams Louise Baxter put the broader risk plainly.

“Consumers are increasingly turning to AI tools for advice and recommendations, but criminals are adapting just as quickly.”

Baxter issued a second warning carrying the same weight.

“The fact that scam websites can appear in AI-generated results is worrying, and is a stark reminder that fraudsters will exploit any new technology that helps them reach potential victims.”

Her central point was direct: a website appearing in an AI-generated answer is not, by itself, evidence that the site is genuine.

Verification Steps Before Paying or Signing Up

Report Fraud advises consumers to avoid clicking links they are not certain about, and to navigate separately to a retailer’s website if there is any doubt about a link’s legitimacy. Fake shopping websites, it notes, are frequently built to steal both money and personal details, not just one or the other.

The same logic extends to anything that resembles genuine content online. Fake reviews and lookalike content have become standard tools in the fraud playbook, and treating AI-surfaced links with the same scepticism applied to unsolicited emails is a reasonable baseline.

If a suspicious site is encountered, Citizens Advice recommends reporting it to Report Fraud. That service can pass cases to the National Fraud Intelligence Bureau, which will issue victims with a crime reference number, providing a formal record should further action be needed.