Google has filed a landmark lawsuit against an alleged China-based cybercrime network known as Outsider Enterprise, accusing the group of deploying artificial intelligence to run one of the most expansive phishing operations in recent history. The group is linked to hundreds of thousands of victims, an estimated $1.9 billion in financial losses, and 2.5 million fraudulent text messages sent to Android users in just two weeks.
A Scam Operation of Staggering Scale
The numbers behind the Outsider Enterprise operation are difficult to comprehend. According to Google's legal complaint, the cybercrime network built and distributed a ready-to-use phishing software platform, also named "Outsider," that enabled criminals with little to no technical expertise to rapidly launch large-scale scam campaigns targeting everyday consumers.
Over a five-month window spanning November 2025 to April 2026, Google detected more than 1.59 million URLs directly connected to the operation. The group is alleged to have created over 9,000 fake websites and more than one million fraudulent web domains during its period of activity. In just a two-week span this past May, Android users flagged a staggering 55,000 spam text messages tied to the network.
As Google noted in its announcement, "55,000 spam texts were flagged by Android users in just two weeks this past May, that's more than two text spam complaints a minute."
The financial damage is equally alarming. According to the FBI, since July 2023, the Outsider Enterprise phishing platform facilitated the theft of at least an estimated 3,870,000 credit cards, resulting in an estimated $1.9 billion in losses for victims. Payment cards stolen through the operation originated from financial institutions across 95 countries.
How the "Phishing-for-Dummies" Platform Worked
What made Outsider Enterprise particularly dangerous was its low barrier to entry. The criminal software was commercially available to buyers for $88 per week or $200 per month, turning large-scale fraud into an accessible enterprise for even low-skilled operators.
Once purchased, the software gave users access to more than 290 pre-built templates that closely replicated the legitimate websites of telecom providers, government agencies, financial institutions, and well-known retailers. According to Google's complaint, these templates could generate convincing replicas of real websites "in minutes," dramatically shortening the time needed to stand up a new phishing campaign.
Crucially, the platform incorporated artificial intelligence. Members of Outsider Enterprise allegedly used Google's own Gemini AI to generate custom code for phishing websites, which was then imported into the software suite and converted into live scam pages. The group also provided guides on how to "weaponize AI-generated code," alongside a campaign-tracking dashboard. Fraudulent infrastructure was, in some cases, hosted on Google Drive and Google Cloud.
Google described the operation plainly: “The Outsider software has been used to create over a million phishing websites to swindle innocent victims out of millions of dollars.”
Coordinated Through Telegram, Targeted via Text
The criminal network coordinated its activities openly. According to Google's complaint, members operated across Telegram channels where they trained one another, discussed strategies, and divided operational responsibilities. Google noted that "the Enterprise brazenly coordinates its efforts in open and largely uncoded discussions on Telegram."
The network functioned in distinct layers. Some members developed and maintained the phishing software and website templates. Others supplied curated lists of potential targets, drawn from public records, social media, and prior data breaches. A dedicated "spammer group" handled the bulk transmission infrastructure, using smartphone banks, SIM card arrays, and modems to blast millions of fraudulent texts. A final group focused on monetizing stolen credentials and laundering the proceeds.
Victims were driven to the fake websites through two primary channels: targeted SMS messages containing malicious links, and paid advertisements. Once on the fraudulent pages, victims were prompted to enter their login credentials and multi-factor authentication codes, as well as financial information. All of that data was transmitted in real time back through the Outsider platform.
FBI Involvement and Domain Seizures
The lawsuit represents only one dimension of a broader coordinated response. Google confirmed it is working with major US telecommunications carriers, including AT&T, T-Mobile, and Verizon, to block fraudulent messages before they reach consumers. The company also stated that it is coordinating directly with the FBI.
The FBI confirmed its own actions against the network. Brett Leatherman, assistant director of the FBI's Cyber Division, acknowledged the scale of the threat, saying that "criminals increasingly use AI to make fraud like this more convincing and harder to detect." In coordination with Google and Lumen's Black Lotus Labs, the FBI seized several domains used by the cybercriminals, along with Shopify storefronts and accounts tied to testing the phishing service.
Google's AI Defense Against AI-Powered Attacks
The case has also prompted Google to publicly address how it is using technology to counter the very tools being weaponized against its users. The company stated it uses "AI-powered tools to fight AI-powered scams," which allow it to identify suspicious activity and alert users to potentially dangerous calls and text messages. These systems are intercepting more than 10 billion scam messages per month, according to Google.
With the lawsuit, Google is seeking compensatory and punitive damages, as well as a court order to permanently halt Outsider Enterprise's operations. The company has accused those behind the network of impersonating Google and its brands, infringing on its copyright, engaging in racketeering activities, committing wire fraud, and engaging in false advertising. The real identities of the foreign-based operators remain unknown.
The Outsider Enterprise case arrives at a significant moment. As AI tools become faster, cheaper, and more capable, they are increasingly being adopted not just by legitimate businesses but by criminal networks operating at industrial scale. The case signals that technology companies are moving beyond passive detection, into active legal confrontation with those who turn their own platforms against users.
Comments