Google Targets AI-Powered Chinese Cybercrime Network in Landmark Lawsuit

Google has initiated legal action to dismantle a sophisticated cybercrime operation, identified as Outsider Enterprise, which leverages artificial intelligence to orchestrate large-scale phishing scams. The tech giant alleges that this network, believed to be based in China, employs AI to generate and disseminate deceptive text messages impersonating Google and various other prominent brands. These fraudulent communications aim to illicitly obtain user passwords and financial information, resulting in significant financial losses for victims.

According to Google’s filings, Outsider Enterprise has defrauded “hundreds of thousands of victims,” with estimated losses reaching into the millions. The scale of the operation is substantial, with reports indicating the deployment of 9,000 fake websites and one million fraudulent web domains. During a mere two-week period, approximately 2.5 million scam text messages were sent to Android users. Google noted that in May alone, 55,000 spam texts were flagged by Android users, equating to more than two complaints per minute.

The company highlighted its own counter-offensive, stating that it utilizes “AI-powered tools to fight AI-powered scams.” These advanced systems enable Google to detect fraudulent activities and alert users to suspicious communications, intercepting over 10 billion scam messages monthly. Google is also collaborating with major telecommunications providers, including AT&T, T-Mobile, and Verizon, to block these malicious text messages, and is coordinating its efforts with the Federal Bureau of Investigation (FBI).

An FBI spokesperson confirmed that, in conjunction with Google and Lumen’s Black Lotus Labs, several domains utilized by the cybercriminals were seized. This action also included the disruption of associated Shopify storefronts and accounts that facilitated the operation’s phishing services. Since July 2023, the FBI estimates that Outsider Enterprise’s phishing platform has been instrumental in the theft of at least 3,870,000 credit cards, leading to estimated losses of $1.9 billion.

Analysis of Outsider Enterprise Operations

Google’s legal complaint details the evidence gathered against individuals associated with Outsider Enterprise. These foreign-based cybercriminals, whose identities remain largely unknown, are accused of developing and maintaining a comprehensive, “turn-key” online software suite. This platform is designed to enable individuals with minimal technical expertise to create fraudulent websites intended for victim exploitation and personal enrichment.

The core of the operation appears to be a service termed “Outsider,” described as a “phishing-for-dummies” software. This platform, reportedly costing $88 weekly or $200 monthly, utilizes AI technologies, including Google’s own Gemini, to facilitate the creation of sophisticated fake websites. These sites meticulously impersonate legitimate services from telecommunications providers, financial institutions, government agencies, and retailers.

To direct victims to these fraudulent sites, cybercriminals employ a multi-pronged approach, including sending malicious text messages and purchasing online advertisements. The ultimate objective is to capture sensitive data such as passwords, multi-factor authentication codes, and financial details. The Outsider platform facilitates the real-time transmission of this stolen information from victims who input it into the fake websites.

“Part of the Outsider software’s appeal is the ease with which someone with limited technical expertise — like many members of the Enterprise — can purchase the software, execute various phishing attacks, and, upon purchase, meet other members of the Enterprise who are proficient in other areas,” Google stated in its complaint, referencing the use of Telegram channels. These platforms reportedly serve as hubs for cybercriminals to collaborate, share knowledge, strategize, and develop new phishing tactics. Google asserts that the Enterprise “brazenly coordinates its efforts in open and largely uncoded discussions on Telegram.”

The Outsider platform allegedly provides cybercriminals with over 290 pre-built templates that replicate legitimate websites, enabling the rapid generation of convincing replicas. Furthermore, it is said to offer guidance on “weaponizing AI-generated code” and includes a dashboard for monitoring phishing campaign progress. Evidence suggests that Google Drive and Google Cloud infrastructure have been exploited to host these malicious websites.

Google’s complaint indicates that the Outsider software has been used to generate more than a million phishing websites, resulting in substantial financial losses for victims. Over a five-month period, from November 14, 2025, to April 14, 2026, Google detected over 1.59 million URLs associated with this operation.

The Outsider Enterprise operation is described as a structured criminal enterprise comprising several specialized groups. These include developers who create and maintain the phishing software and templates, individuals who curate target lists from public records and data breaches, a “spammer group” responsible for bulk text message delivery using tools like smartphone banks and SIM card infrastructure, and operators who monetize the stolen credentials and launder the illicit funds.

The cybercriminal group has reportedly obtained “at least 36,000 payment cards issued by financial institutions in 95 countries.” Google’s lawsuit accuses the individuals behind Outsider Enterprise of impersonating the company and its brands, copyright infringement, racketeering, wire fraud, and false advertising. Through this legal action, Google seeks compensatory and punitive damages, alongside an injunction to halt the criminal activities.

Business Style Takeaway: Google’s lawsuit against Outsider Enterprise underscores the escalating threat of AI-powered cybercrime and the critical need for proactive defense strategies. Businesses must invest in robust security measures and leverage AI defensively to counter increasingly sophisticated phishing and fraud tactics, recognizing that the digital battlefield is continuously evolving.

Based on materials from: techcrunch.com
