Consumers using AI chatbots to find bargains are being directed to fake retail websites that steal their money and bank details, as fraudsters exploit the technology to clone brands that no longer have an official online presence.
The scam-checking service Ask Silver has identified cloned websites for the footwear and accessories retailer Russell & Bromley and the furnishings chain Dunelm appearing in search results generated by ChatGPT. In one test, researchers asked the AI assistant: “What are popular Russell & Bromley purses and bags?” The response included prices, trends and recommendations — along with links to fraudulent sites that were designed to look like the real thing.
Customers who click through and buy believing they are shopping with a legitimate retailer will never receive the goods. Instead, their payment details are harvested by criminals who have created convincing copies of the original stores.
How the scammers exploit a defunct brand
The Russell & Bromley case is a stark example of how fraudsters are weaponising a brand that no longer has an independent website. The company entered administration on 21 January 2026 and was acquired by Next PLC for £3.8 million — £2.5 million for the brand and intellectual property, and £1.3 million for stock. As part of the deal, 33 of its 36 stores and all nine concessions closed immediately. Only three flagship outlets in Chelsea, Mayfair and Bluewater were initially retained under a Next licence, and those closed in late April 2026.
Because Russell & Bromley no longer operates its own website — its products are now sold through the Next site — there is a gap in the online market that scammers have rushed to fill. Anna Jones of Ask Silver said the large language model that powers ChatGPT may have been “poisoned”, a term that describes the insertion of malicious content into the data an AI learns from. “In this instance it looks like scammers are taking advantage of the fact that Russell & Bromley went into administration in January 2026 and was absorbed by Next – so there is no longer an official Russell & Bromley website, but potential customers will likely still be searching for it,” she said.
The fake sites identified by Ask Silver include domain names such as therussellbromleyofficial, russellandbromleylondon, russellbromleyonlineuk and russell-and-bromley. These addresses closely resemble what a legitimate store might use, and the sites themselves appear credible. One example offered discounts of up to 80 per cent on bags, a classic lure. The real Russell & Bromley store now sits within the Next website, meaning any independent site claiming to sell its goods is almost certainly fraudulent.
The mechanics of AI-powered fraud
The scam relies on consumers trusting AI recommendations. Ask Silver’s test showed ChatGPT returning detailed product suggestions with prices and source links. Among those sources were two fraudulent Russell & Bromley sites. The cloned pages often use AI-generated imagery and text to appear authentic, mimicking the look and feel of a genuine retailer. In some cases, scammers create realistic images of shops and happy customers to further the illusion.
Louise Baxter, head of the scams team at National Trading Standards, warned that the appearance of scam websites in AI-generated results is a worrying development. “Consumers are increasingly turning to AI tools for advice and recommendations, but criminals are adapting just as quickly. The fact that scam websites can appear in AI-generated results is worrying, and is a stark reminder that fraudsters will exploit any new technology that helps them reach potential victims,” she said.
The broader trend is alarming. Cifas has reported a record 444,000 cases of fraud in the UK in the past year, with AI identified as a significant enabler for large-scale deception. Fake online shops and advertisements now account for more than half of all scams detected on social media in the UK, and a study found that 64 per cent of young shoppers who use AI for shopping express concerns about being tricked.
Advice for consumers
Experts urge shoppers to be vigilant when following links from AI tools. Key warning signs include unusual domain names — legitimate UK retailers typically use .co.uk or .com. Extra words such as “official” or “deals” in the web address are a red flag. Fraudulent sites often accept payment only by bank transfer, which offers no recourse for the buyer, and they frequently advertise massive discounts that seem too good to be true.
The safest approach is to navigate directly to a retailer’s official website rather than clicking links in AI-generated results. A spokesperson for Dunelm said: “We encourage our customers to only engage with our official website, www.dunelm.com, or via the official Dunelm app.” The retailer added that whenever it becomes aware of a fraudulent site, it works to ensure its removal as quickly as possible.
Next, which now owns the Russell & Bromley brand, said it was “aware of the situation” and had been working to have the fake sites closed down. A spokesperson for ChatGPT confirmed that the fraudulent websites had been removed from its search index, and that users can report sites that violate its policies through an online form.
Anyone who suspects they have handed over financial details to a scam site should report it to their bank immediately and contact Report Fraud, the UK’s national cybercrime reporting service, on 0300 123 2040. Suspicious emails can be forwarded to [email protected], and suspicious texts to 7726. Ask Silver, which partners with the online safety resource Get Safe Online, offers a scam-checking tool available via WhatsApp and desktop.
