Google is suing to dismantle the infrastructure behind an alleged massive cybercrime operation powered by artificial intelligence.
On Friday the technological giant was announced a lawsuit against an alleged Chinese cybercrime network called Outsider Enterprise, which Google says uses artificial intelligence in its campaigns to send scam text messages impersonating Google and other brands to steal passwords and credit card numbers.
Outsider Enterprise has financially defrauded “hundreds of thousands of victims” with losses “estimated in the millions.” The group deployed 9,000 fake websites, one million fraudulent web pages and 2.5 million text messages sent to Android users over a two-week period, according to Google.
The company said, “55,000 spam messages were flagged by Android users in just two weeks last May — that’s more than two spam text complaints per minute.”
Google said it uses “artificial intelligence-powered anti-fraud tools” that allow the company to detect scams and alert users to suspicious calls and texts, leading to the interception of more than 10 billion scam messages a month.
The company said it is working with AT&T, T-Mobile and Verizon to block scam text messages and said it is coordinating with the FBI.
An FBI spokesperson told TechCrunch that the bureau, in coordination with Google and Lumen’s Black Lotus Labs, seized several domains used by cybercriminals, as well as Shopify storefronts and accounts used to test the company’s phishing service.
The spokesperson said that since July 2023, Outsider Enterprise’s phishing platform has allowed cybercriminals to steal “at least an estimated 3,870,000 stolen credit cards and corresponding losses estimated at $1.9 billion.”
Inside Outsider Enterprise
In her complaint filed as part of the lawsuitGoogle presented the evidence it gathered against people involved in the activities of Outsider Enterprise, which the company said are cybercriminals based abroad and whose true identities are unknown. This group “built, maintains and operates a turnkey online software suite that allows criminals, regardless of technical skill, to publish fraudulent websites designed to prey on victims and enrich themselves,” according to the complaint.
Google said this “dummy fishing” software called Outsider, which costs $88 a week or $200 a month, allows operators to create fake websites with the help of AI platforms, including Google’s own Gemini. Fake websites impersonate many services and companies, including telecommunications providers, financial institutions, government agencies and retailers.
To lure people to the fake websites, cybercriminals work together to send victims malicious text messages or buy ads. The common goal is to steal passwords and corresponding multi-factor codes, as well as financial information, which the fraudsters can do by taking the data that victims enter on the fake websites, with the information transmitted through the Outsider’s platform in real time.
“Part of the appeal of Outsider software is the ease with which someone with limited technical expertise — like many Enterprise members — can purchase the software, run various phishing attacks, and, while purchasing, meet other Enterprise members who are skilled in other areas,” Google wrote, referring to Telegram channels where cybercriminals can discuss, train and collaborate. “Enterprise boldly coordinates its efforts in open and largely uncoded discussions on Telegram.”
According to Google, the Outsider platform reportedly offers cybercriminals “more than 290 pre-built templates that mimic legitimate websites” that create replicas of real websites “in minutes,” along with guides on how to “tool the AI-generated code,” as well as a dashboard to monitor the progress of the phish campaign. Cybercriminals have reportedly used Google Drive and Google Cloud infrastructure to host the phishing sites.
“The Outsider software has been used to create over one million phishing websites to defraud innocent victims out of millions of dollars,” Google wrote in the complaint.
To give an idea of the scale of Outsider Enterprise’s operation, Google said that in a five-month period from November 14, 2025 to April 14, 2026, the company detected more than 1.59 million URLs linking to it.
Google said the Outsider Enterprise operation consists of several groups of cybercriminals: those who develop and maintain the phishing software and website templates. those who provide target lists curated from public records, social media and data breaches; a “spammer team” who provide tools and the infrastructure for bulk texting fraud, which includes smartphone banks, SIM cards and modems; and those who monetize the stolen credentials and launder the stolen money.
Cybercriminals have stolen “at least 36,000 payment cards issued by financial institutions in 95 countries,” according to Google.
The company accused the people behind Outsider Enterprise of impersonating Google and its brands, infringing its copyright, extortion, wire fraud and false advertising. With the lawsuit, Google is seeking damages and punitive damages, as well as an injunction to stop the criminals from operating.
This story was originally published at 10:26 am. PDT and has since been updated with new information from Google’s complaint and the FBI’s comment.
When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.
