Google just took one of its most aggressive legal stands against cybercrime. The company filed a lawsuit against a Chinese cybercrime operation that used AI to scam hundreds of thousands of victims and the scale of what they uncovered is alarming. Moreover, this marks the first time Google has pursued legal action against threat actors for weaponizing its own Gemini AI platform. Here’s exactly what happened.
Who Is Outsider Enterprise?
The group, called Outsider Enterprise, developed a phishing software platform that functioned like a “phishing-for-dummies” toolkit priced at $88 per week or $200 per month allowing criminals with little to no technical skill to build convincing fake websites impersonating Google, telecom providers, banks, and government agencies.
Furthermore, the operation coordinated entirely through Telegram. Members distributed phishing links via text messages that impersonated Google and other trusted brands, using urgent warnings about compromised accounts or fake package tracking alerts to trick victims into clicking.
How They Used Google’s Own AI Against Its Users
Members of Outsider Enterprise actively encouraged each other to use Gemini to generate custom code for phishing websites, which was then imported directly into the Outsider software and converted into live scam pages effectively turning Google’s own AI into a tool for fraud at industrial scale.
Additionally, the network used over 290 prebuilt templates to impersonate brands including YouTube, the U.S. Postal Service, state DMVs, and toll agencies like E-ZPass.
Chinese Cybercrime Operation That Used AI To Scam Victims: The Scale Is Staggering
Over a five-month period from November 2025 to April 2026, Google detected more than 1.59 million URLs connected to Outsider Enterprise. The group deployed over 9,000 fake websites, one million fraudulent domains, and sent 2.5 million texts to Android users in just two weeks.
Moreover, the financial damage runs deep. The FBI confirmed that since July 2023, the Outsider phishing platform enabled the theft of at least 3.87 million credit cards with corresponding losses estimated at $1.9 billion. Stolen payment data came from financial institutions across 95 countries.
The FBI Moved In
The FBI, working alongside Google and Lumen’s Black Lotus Labs, seized several domains used by the criminals, as well as Shopify storefronts and accounts used to test the phishing service.
Furthermore, Google coordinated with AT&T, T-Mobile, and Verizon to block scam texts from reaching users. As a result, the combined response disrupted the operation across multiple channels simultaneously.
Google’s Legal Strategy And What It’s Seeking
Google filed the complaint in the U.S. District Court for the Southern District of New York, seeking damages and injunctive relief under the RICO Act and the Lanham Act. The company is also requesting a court order to permanently dismantle the operation’s infrastructure.
That said, this isn’t Google’s first move against this type of threat. In November 2025, Google filed a separate RICO lawsuit against a group called Lighthouse another phishing-as-a-service operation accused of compromising between 15 million and 100 million credit cards in the U.S. alone. A temporary restraining order shut that operation down within hours of the complaint being filed.
Google Is Also Pushing For New Laws
Google is backing seven bipartisan bills targeting AI-driven scams, including the “National Strategy for Combatting Scams Act,” “Stop Scams Against Seniors Act,” and the “Strategic Task Force on Scam Prevention Act.”
Congressman Brian Fitzpatrick framed the broader threat clearly: “This is not spam. It is organized transnational crime moving through our phones, and it demands a response as coordinated and aggressive as the threat itself.”
What You Can Do Right Now
Don’t click links in unexpected text messages even ones that appear to come from Google, your bank, or the post office. Additionally, enable multi-factor authentication on all important accounts. Furthermore, report suspicious messages directly to your carrier and to Google.
Google’s AI-powered scam detection on Android currently intercepts more than 10 billion malicious messages monthly but human awareness remains the first line of defense.
Final Thoughts
The Chinese cybercrime operation that used AI to scam hundreds of thousands of victims exposed a serious new reality generative AI has become a tool for fraud at industrial scale. Therefore, lawsuits alone won’t solve this. It requires coordinated action between tech platforms, carriers, law enforcement, and updated legislation.
Moreover, Google’s decision to pursue legal action sets an important precedent platforms will now hold threat actors legally accountable for abusing their AI tools. In fact, this case may define how AI misuse is prosecuted for years to come. Finally, stay vigilant, keep your software updated, and treat every unsolicited text link as a potential threat.




Leave feedback about this