Google has filed a federal lawsuit against a China-based cybercrime network known as Outsider Enterprise, accusing the group of orchestrating a massive AI-powered phishing operation that has scammed hundreds of thousands of victims worldwide. The lawsuit, announced on Friday, details how the group leveraged Google's own Gemini AI to create convincing fake websites, leading to the theft of millions of payment cards and an estimated $1.9 billion in losses since July 2023.
The Phishing-as-a-Service Platform
At the core of the scheme is a turnkey software platform called Outsider, sold as a subscription for $88 per week or $200 per month. The toolkit allowed even non-technical criminals to generate fake websites impersonating trusted brands—including Google, telecom providers, banks, and government agencies—using over 290 pre-built templates. The platform integrated AI tools like Gemini to rapidly generate code and website templates, making it a "phishing-for-dummies" kit. It also included real-time dashboards, keystroke logging, and tools to bypass multi-factor authentication.
Enormous Scale and Financial Impact
According to the FBI, the Outsider platform enabled the compromise of approximately 3.87 million credit card numbers, with at least 36,000 payment cards issued by financial institutions across 95 countries. The total estimated losses reached $1.9 billion, affecting people and businesses in 55 countries. In May 2026 alone, Android users flagged 55,000 spam texts linked to the operation, and over 2.5 million devices received messages containing Outsider-generated links. Google's own AI defenses intercept over 10 billion scam messages monthly.
Organized Criminal Structure
The complaint reveals that Outsider Enterprise ran like a structured organization with four specialized divisions: developers maintaining the phishing software, data brokers supplying target lists, spammers operating bulk SMS infrastructure, and money launderers monetizing stolen credentials. Members coordinated openly on Telegram channels, sharing strategies and training each other.
Legal Action and Industry Coordination
Google is seeking compensatory and punitive damages under the Racketeer Influenced and Corrupt Organizations Act (RICO), along with trademark infringement claims. The operation, dubbed "Operation Ghost Hook," involved the FBI and Lumen Technologies' Black Lotus Labs, resulting in the seizure of core admin domains, a Shopify storefront, roughly $100,000 from Outsider payment wallets, and thousands of domains. Google is also collaborating with AT&T, T-Mobile, and Verizon to block related scam texts.
This case highlights the escalating arms race in cybersecurity, where generative AI lowers the barrier for large-scale phishing campaigns, necessitating equally advanced AI-powered defenses.
