I’ve spent the last few months researching the types of sources that ChatGPT cites when recommending businesses.
As more and more searchers turn to ChatGPT to ask for recommendations on products, services and businesses, there’s a need for these platforms to make sure that these are genuine, trustworthy businesses that are sourced from the right places.
Over the last couple of weeks, I’ve been down a rabbit hole looking into spammy and manipulative tactics being used to game visibility.
And no, I’m not talking about publishing your own ‘10 best…’ list and putting yourself at the top. Nor am I talking about ‘parasite SEO’ – paying to place this type of article on an authoritative third-party site.
I believe that the more we understand about why certain citations get surfaced, even if these are spammy and manipulative, the better we understand how these new platforms work. And then, how we go about getting our own businesses recommended by them.
I’m not suggesting you should be using these manipulative approaches to be recommended in ChatGPT. Not at all. But that doesn’t mean you can’t learn from it.
As ChatGPT and similar tools become more popular ways for users to discover businesses, then the integrity of those recommendations really matters. When bad actors can game the system using hacked or expired domains, it undermines trust and gives an unfair advantage to those willing to manipulate the system rather than build authority and popularity the right way. And it ultimately points users towards sites that don’t deserve to be there.
As a heads up, I won’t be sharing specific domains that are being recommended as a result of these. I don’t believe it’s fair to out any individual or brand’s tactics in that way… if you want to dig deeper into what’s happening here, you’ll find them pretty quickly yourself.
I’ll be showing plenty of examples of the sources, just not linking these back to the businesses who are benefiting from them.
Influencing vs Manipulating Visibility
If you want your business to be recommended by ChatGPT, you need other people to be saying you’re the best at what you do. You can’t just be saying it yourself (but this isn’t to say your own content isn’t used; it is).
And this means, alongside reviews and UGC, mentions on third-party sites, especially authoritative press publications, are pretty much essential.
Because of this, we’ve seen lots of recommendations to create ‘best of’ listicles on your own site as well as getting included in others, with ones published by top-tier press the go-to.
The fact that being included in these listicles works so well at influencing visibility means we’ve seen lots of these published as advertorials; think parasite SEO or writing guest post listicles (although I believe there’s an authority filter for inclusion as a source, which likely makes this less effective, but more on that later).
Whilst there’s questions to ask before using these tactics, such as whether it makes sense to be publishing listicles that also include your competitors on your own site, largely from a brand perspective, or whether the parasite approach will stick long-term (we know how Google’s viewed this in the recent past), they’re both fundamentally tactics that are working right now.
It’s easy to see that they’re based on doing what works, and I see nothing wrong with that. Often you gotta do what you gotta do and these things are about influencing visibility.
But then there’s a whole different side to this … manipulating visibility.
I’ve found stacks of evidence in the last few weeks that brands are being recommended on ChatGPT in some of the most competitive sectors out there by manipulating the results in two ways; by publishing listicles on hacked sites and rebuilt expired domains.
It’s the most extreme example of something that works but shouldn’t, but the difference between being visible on ChatGPT and Google is that, for the former, we can see exactly which sources are being used to cite recommendations from.
So, let’s look at these examples of how brands are manipulating ChatGPT visibility.
ChatGPT’s Untrustworthy Recommendations
There are two core tactics that I found being used to manipulate ChatGPT’s recommendations; and both exploit weaknesses in how sources are selected and evaluated.
There’s even the possibility that these are actually things that are being done ‘for links’ but which ChatGPT is surfacing as sources for recommendations.
Either way, the fact that sources like what you’re about to see are being used is, in my opinion, a concern.
I’ve zoomed in on recommendations for online casinos and related businesses here; for the simple reason that it’s absolutely rife with examples like these, but it’s also a regulated industry. It’s also very much YMYL; there’s serious risks with these recommendations if they get it wrong.
Hacked Sites
Pages which have been placed on what I believe to be hacked sites are being used to recommend businesses by ChatGPT.
Asking ChatGPT to recommend ‘the best place to play online slots’ we see this source:
Here’s the page:
This is hosted on the site of Veronica T. Barton, a domestic violence attorney based in California.
From what I can see, she’s very much still practicing. This isn’t an expired domain.
The homepage has reviews from the last few weeks and her social profiles are all active:
And I can see Veronica’s legal license:
It all stacks up as a legit business.
So why is the site publishing listicles about casinos?
They’re not … their site has been hacked and this page added. At least, that’s what I think is happening here.
Want more examples?
Look at this which was cited as a source for the best online casinos in the UK:
Looks kinda familiar, right?
It’s the site of a United Nations global coalition of youth-led organisations.
I asked ChatGPT to tell me about the Paradigma Coalition. Here’s what it said:
The listicle being cited to recommend the best online casinos doesn’t actually link to the casinos. There’s only one outbound link on the page… which is to another site which looks to have been repurposed to talk about casinos.
Importantly, it links out using the anchor text ‘casinos not on GamStop.’ See why I’m concerned about what’s being recommended here?
That site used to belong to a country manor hotel.
It’s safe to say, I think, that the source we’re seeing cited by ChatGPT is a site that’s been hacked and has had numerous pages about casinos placed on it to leverage the site’s authority.
Is this actually a link building play, which just so happens to be being cited as a source on ChatGPT? We can’t be sure. But that’s not really the point. The fact remains that ChatGPT is citing these, whatever the reason these pages were published. It shouldn’t be.
I also came across this example:
Let’s go through these validation steps again.
This is the current site of a summer camp in the US.
That ‘best online slots UK 2025’ page?
Looks blank, right?
Not so fast…
It’s just using white text on a white background.
There’s no doubt that these are hacked sites. And it’s concerning that ChatGPT is recommending casinos, of all things, based on these.
Expired Domains
Asking ChatGPT for recommendations for online casinos, I discovered a tonne of listicles hosted on expired domains.
Here’s a source I found when asking for recommendations for a no deposit casino.
Again, this site is pushing non-GamStop casinos.
This is a DR76 domain, with 9.1k referring domains linking to it, including site like the BBC, CNN and Bloomberg.
Using Archive.org, I was able to quickly find that this was the former domain of NVA, an arts charity that closed in 2018.
This is the perfect example of an ‘authoritative’ domain being cited by ChatGPT and its content used to make recommendations, despite it having been switching up topically from art to casinos.
There’s no questions that it’s the site’s authority that’s causing it to be used as a source. The issue is that the domain changed hands and the site totally switched up.
Need more examples?
Here’s another…
This domain used to belong to a drug and alcohol misuse charity.
And another:
This domain used to belong to a UK-based bag retailer:
And another:
This domain used to belong to another charity:
All three sites as sources that ChatGPT used to recommend the best bookies:
One thing is incredibly clear… ChatGPT is absolutely not filtering out content that’s sat on domains which have expired and since been repurposed.
Where Do We Draw the Line?
It’s important to distinguish between influencing visibility and manipulating visibility, which often involves deception.
Getting featured in genuine “best of” listicles published by trusted media? That’s smart, credible influence.
Paying to place a listicle on a third-party site with no editorial oversight? Questionable, but arguably playing the game.
Injecting your brand or content into a hacked site or rebuilding an expired domain solely to fool a language model into citing it? That’s manipulation, and it undermines the credibility of the platform.
But the truth is, there’s a grey area in between.
When it comes to recommendations, though, there’s a duty for the platforms to ensure the businesses being put forward are worthy of this. And the biggest problem there looks to be is in allowing manipulative sources to influence recommendations.
Why These Sources Are Being Cited as Sources Right Now
The fact that these sources are being cited is concerning, but it gives us an opportunity to consider why they’re being used.
And my conclusion here is that it’s all about the perception and understanding of the host domain (or original domain). These sites (either hacked sites or expired domains) are being surfaced because there’s nothing to filter them out, despite the content either being on a hacked site or the domain having been repurposed.
I believe there’s also a recency play happening here, too, given that the dates on all of these sources when surfaced by ChatGPT are within the last month.
ChatGPT prefers recent sources, and the fact that these listicles aren’t topically relevant to what the domain is (or should be) about doesn’t seem to matter.
We Can’t (Yet) Blindly Trust ChatGPT Recommendations
We’re not yet at the stage where we can trust ChatGPT recommendations without considering where it’s sourced these from.
The fact that there’s example after example of hacked sites and repurposed expired domains being cited as sources for casinos and bookmakers is concerning.
Regardless of the sector, these sources shouldn’t be recommended … and only time will tell right now as to whether we start to see citations that have sites (and pages) like these filtered out.