Zscaler ThreatLabz identified two campaigns leveraging Indirect Prompt Injection (IPI) to manipulate AI agents via malicious websites. The first campaign uses SEO poisoning and hidden IPI instructions on a fraudulent API documentation site to trick AI agents into sending cryptocurrency payments for a fake API key. The second campaign uses a typosquatting domain (debank.auction) with hidden prompt injection to misclassify the fraudulent site as the legitimate DeBank platform. Testing across 26 LLMs showed 4 models vulnerable to the payment scam and 2 models susceptible to misclassification, demonstrating measurable real-world impact that varies by model and context.