Google has filed a lawsuit against an alleged Chinese cybercrime network it calls Outsider Enterprise, accusing the group of running a large-scale AI-powered scam operation that targeted hundreds of thousands of victims. The company says the group used AI tools, including Google’s own Gemini, to build fake websites impersonating banks, telecom providers, government agencies, and retailers, then used those sites to steal passwords, credit card numbers, and multi-factor authentication codes.
According to TechCrunch, the FBI, working alongside Google and Lumen’s Black Lotus Labs, has already seized several domains used by the operation, along with Shopify storefronts and accounts used to test its phishing service. Since July 2023, the FBI estimates the group’s platform enabled the theft of at least 3.87 million credit cards, resulting in roughly $1.9 billion in losses.
The lawsuit is one of the most detailed public takedowns of a phishing-as-a-service operation to date. It gives a rare inside look at how modern cybercrime has become industrialized, with software, templates, training channels, and even customer support, all available for a weekly fee.
At the center of the operation is a piece of software also called Outsider, which costs $88 per week or $200 per month. The software lets buyers, even those with little or no technical skill, spin up convincing fake websites in minutes using AI-generated code. Google says the platform includes more than 290 pre-built templates that mimic real websites, a dashboard for tracking phishing campaigns, and guides on how to use AI tools to build and deploy attacks faster.
The scale of what Google uncovered is striking. Over just five months, from November 2025 to April 2026, Google detected more than 1.59 million URLs tied to the operation. In a single two-week period, the group sent 2.5 million scam texts to Android users and had 55,000 of those texts flagged by users as spam, which works out to more than two complaints per minute.
Outsider Enterprise is not a single group but a network of specialized teams, each handling a different part of the operation:
- Developers who build and maintain the phishing software and website templates
- Data suppliers who compile target lists from public records, social media, and previous data breaches
- A spammer group that runs the infrastructure for sending bulk scam texts, including smartphone banks, SIM cards, and modems
- A monetization team that cashes out stolen credentials and launders the money
“
The groups coordinate openly on Telegram, where members train each other, share strategies, and discuss new attack methods. Google quoted from the complaint: “The Enterprise brazenly coordinates its efforts in open and largely uncoded discussions on Telegram.”
The stolen data in this case crossed borders significantly. Google says the group stole at least 36,000 payment cards issued by financial institutions across 95 countries. Hosting for the fake websites was done, in part, on Google’s own infrastructure, including Google Drive and Google Cloud, which the company says the criminals exploited without authorization.
Google is fighting back on multiple fronts. The company says it uses AI tools to detect and block scam messages at scale, intercepting more than 10 billion scam messages per month. It has also been working with AT&T, T-Mobile, and Verizon to block the texts before they reach users, and is coordinating with the FBI on the broader investigation.
With the lawsuit, Google is seeking compensatory and punitive damages and a court order to shut down the operation. The legal claims include impersonation of Google’s brands, copyright infringement, racketeering, wire fraud, and false advertising. The identities of those behind Outsider Enterprise remain unknown, as they are described in the complaint as foreign-based cybercriminals operating anonymously.
This case reflects a broader shift happening across the cybersecurity world. AI tools have lowered the barrier to entry for fraud, making it possible for people with no coding background to run sophisticated phishing campaigns at scale. The fact that criminals are now using the same AI platforms that tech companies built for legitimate productivity is a problem the industry is still working out how to handle. Google’s move to sue, rather than just block and patch, signals a more aggressive posture toward operations that exploit its infrastructure.