AI Chatbots Are Sending Shoppers to Scam Sites – Here’s How to Stay Safe

Introduction

If you’ve asked an AI chatbot for product recommendations lately, you’re not alone. More people now use tools like ChatGPT, Google Gemini, or Microsoft Copilot to decide what to buy. But recent warnings from consumer groups suggest those recommendations may sometimes lead to fraudulent websites instead of legitimate stores.

This isn’t a hypothetical risk. Several organizations—including Which? in the UK and the Better Business Bureau in the US—have flagged cases where chatbots directed users to fake shopping pages that look like well-known brands but are designed to steal payment details or personal information. Here’s what’s happening and how you can protect yourself.

What happened

In early June 2026, Cybernews reported that consumer groups were warning about a rise in AI-powered chatbots sending shoppers to scam websites. The problem appears to be twofold. First, some scammers deliberately manipulate how chatbots retrieve information by injecting fraudulent links into the data or web sources the AI relies on. This is sometimes called “affiliate abuse” or “SEO poisoning for AI.” Second, even without malicious input, chatbots occasionally hallucinate—that is, they make up plausible-looking but fake URLs that happen to point to real scam sites, or they reference outdated information that includes dead links now controlled by fraudsters.

For example, a consumer searching for a specific brand of headphones might get a reply that includes a link to a “discount store.” That link, on closer inspection, leads to a page that copies the brand’s logo and product images but has no legitimate payment infrastructure. The user enters their card number, and the money goes straight to a criminal.

Why it matters

AI chatbots are designed to be helpful, but they lack real-time verification of the websites they recommend. Unlike a human shopping assistant who might recognize a shady domain, an AI model processes training data and current web results without being able to tell whether a link is safe. The result is that average shoppers are being exposed to scam sites they might never have encountered otherwise.

The financial and privacy risks are serious. A fraudulent site can harvest credit card numbers, home addresses, and passwords. In some cases, the site might install malware on the user’s device without their knowledge. And because the recommendation came from a trusted AI tool, victims may be less suspicious than if they’d clicked on a random ad.

Consumer groups stress that this isn’t a bug that will be fixed overnight. The underlying technology—large language models and retrieval-augmented generation—is not inherently designed to assess the trustworthiness of a domain. Until providers build better guardrails, the burden falls on the user.

What readers can do

Always check the URL before clicking. This is the single most effective habit. Hover over the link (or long-press on mobile) to see the full address. Scam sites often use misspellings (e.g., “amaz0n.com” instead of “amazon.com”) or obscure top-level domains like .shop or .xyz. Legitimate retailers typically use .com, .org, or country-specific TLDs like .co.uk.

Open your own browser tab instead of clicking. If a chatbot suggests a specific store, manually type the retailer’s main website address into your browser. Then search for the product there. This bypasses the risky link entirely.

Use official retailer apps. Shopping via the official app of a trusted brand reduces the chance of landing on a spoof page. Apps are more tightly controlled than web links.

Be wary of discounts that seem too good. Scam sites often lure shoppers with extremely low prices. A 70% discount on a popular item from an unknown store is a red flag.

Check independent reviews. Before buying from a site you don’t know, search for its name plus “scam” or “review.” Sites like Trustpilot or the Better Business Bureau can give you a sense of legitimacy.

Report scam links to the chatbot provider. If you receive a fraudulent link from ChatGPT, Copilot, or Gemini, use the feedback or report feature. Providers need this data to improve their safety filters.

Sources

This article draws on reporting by Cybernews, published June 8, 2026, which detailed warnings from consumer groups about AI chatbot searches leading shoppers to scam websites. Additional context comes from past alerts by Which? (UK) and the Better Business Bureau (US) concerning AI-driven shopping fraud.