Cybersecurity researchers say scammers have found a new way to catch shoppers: get ChatGPT to recommend fake stores that are built to steal payment details. The trick works especially well on brands that have just shut down, changed ownership, or vanished from their old web address, because the name still has enough trust to lure people into clicking. In one recent case, ChatGPT was nudging users toward a counterfeit Russell & Bromley store.
Russell & Bromley, the British shoe brand, stopped operating on its own at the beginning of 2026 after moving under Next. Once the official site disappeared, scammers copied it and pushed the clone into ChatGPT’s recommendations for product searches. Ask Silver, the site-checking service that spotted the scheme, said users could be pointed straight to a convincing-looking fraud page and be nudged into entering card data.
How the fake-store scheme works
The mechanics are depressingly simple. Scammers build a believable storefront, then flood the web with enough supportive material to make it look legitimate to an AI system. Researchers suspect this kind of data poisoning can manipulate ranking signals such as CTR, which helps the fake pages surface in chatbot recommendations. If that sounds like search spam with a generative AI costume on top, that is because it is.
- Choose a brand with lingering demand but a broken or changed official site
- Create a cloned storefront that looks close enough to pass a quick glance test
- Seed the web with signals that help the fake page look authoritative to an AI model
- Wait for the chatbot to recommend the page to shoppers looking for the brand
OpenAI has already changed the answers
After the reports surfaced, OpenAI adjusted ChatGPT’s responses for Russell & Bromley queries. The chatbot now warns users about suspicious sites offering steep discounts and tells them to be careful. That is the right response, but it is also a reminder that AI systems are being pushed into the same ugly game search engines have played for years: filter the noise faster than fraudsters can generate it.
The broader worry is what happens as agentic AI becomes more common. OpenAI and Visa are already building infrastructure so AI agents can make purchases and payments on behalf of users, which raises the stakes from bad recommendations to direct financial exposure. When the assistant is no longer just suggesting a shop but helping complete the transaction, scammers will have a much more lucrative target.
Why ChatGPT fake stores are a bigger threat than one brand
This is not just a Russell & Bromley problem. Previous research has already shown that language models can give unstable shopping advice, and that is annoying when the result is the wrong jacket size. It is far worse when the model sends someone to a counterfeit store that exists for one purpose only: taking card details and disappearing.
Scammers adapt quickly to whatever platform people trust next. Right now, generative AI is becoming both a search tool and a new battleground for ranking manipulation, and the winners will be the systems that can spot fraud before the fraudsters learn the next shortcut. The uncomfortable question is how many fake stores will slip through before shoppers start treating AI recommendations like ads: useful sometimes, dangerous if trusted blindly.