The FBI, Google, and cybersecurity partners have dismantled a massive China-based phishing operation that allegedly used AI tools to fuel scams responsible for nearly $1.9 billion in losses worldwide.
Quick Summary – TLDR:
- The FBI and Google have taken action against Outsider Enterprise, a China based phishing as a service operation.
- Authorities say the network helped cybercriminals steal nearly 3.9 million credit cards and caused an estimated $1.9 billion in losses.
- The group allegedly used Google Gemini and other AI tools to create phishing websites, scam messages, and fraudulent campaigns at scale.
- Multiple domains, cryptocurrency assets, and infrastructure linked to the operation have been seized as part of an ongoing crackdown.
What Happened?
The FBI, working alongside Google and Lumen Technologies, announced a major disruption of Outsider Enterprise, a cybercrime network accused of running one of the world’s largest phishing operations. The group allegedly provided ready made phishing kits and infrastructure that allowed criminals to impersonate trusted brands and steal sensitive financial information from victims across dozens of countries.
Authorities say the operation relied heavily on artificial intelligence to make scams faster, more convincing, and easier for criminals with limited technical skills to launch.
Google has sued a Chinese cybercrime group called Outsider Enterprise, accusing it of using AI tools to help scammers target hundreds of thousands of people.
— Pirat_Nation 🔴 (@Pirat_Nation) June 14, 2026
According to Google, the group sent millions of fake text messages and created thousands of websites that mimicked… pic.twitter.com/QjSa5MA8ll
How Outsider Enterprise Built a Global Scam Network?
According to court filings and law enforcement statements, Outsider Enterprise operated as a sophisticated phishing as a service platform coordinated largely through Telegram. Rather than carrying out attacks directly, the group supplied tools, templates, infrastructure, and support to cybercriminals who subscribed to its services.
Google described the platform as a large scale operation that enabled criminals to create fake websites in minutes. Subscription plans reportedly started at just $88 per week, making advanced phishing tools accessible to a wide range of fraudsters.
The platform offered more than 290 templates designed to imitate legitimate businesses, financial institutions, government agencies, retailers, wireless carriers, and online services. Several templates even used Google branding, including logos associated with YouTube, Google Pay, and Google Play.
AI Became a Force Multiplier for Scammers
One of the most alarming aspects of the case is the alleged use of Google Gemini and other AI platforms to generate phishing content.
Google claims the operators behind Outsider Enterprise encouraged customers to use AI tools to create custom code, phishing messages, and fake websites. These scams frequently revolved around missed package deliveries, unpaid toll charges, parking violations, brokerage account issues, and wireless carrier reward programs.
The scale of the operation was enormous. Google says attackers generated approximately 9,000 fake websites, more than 1 million fraudulent URLs, and sent over 2.5 million phishing text messages to Android users during a two week period in May 2026 alone.
Investigators also found that scammers used Google Cloud services to host phishing pages and Google Drive to store stolen information.
Billions in Losses Across Dozens of Countries
The FBI says Outsider Enterprise has been active since 2023 and targeted victims in the United States and at least 54 other countries.
Authorities linked the network to nearly 3.9 million stolen credit cards and estimated losses of approximately $1.9 billion. Google said hundreds of thousands of people were affected by attacks connected to the platform.
The phishing software allowed criminals to request multiple forms of verification from victims, including SMS codes, PINs, emails, and app based authentication codes. This capability helped attackers bypass security protections that normally prevent unauthorized transactions.
Operation Riptide Targets the Infrastructure
The takedown effort was carried out as part of the FBI’s ongoing Operation Riptide, which focuses on disrupting cybercriminal networks and the infrastructure they rely on.
Investigators seized domains linked to Outsider’s administrative servers, took control of a Shopify storefront used for phishing kit testing, and confiscated approximately $100,000 in cryptocurrency assets. Authorities also gained access to information through an Outsider Telegram bot and dismantled thousands of phishing domains hosted by US providers.
Google has also filed a civil lawsuit in New York seeking to further dismantle the network’s infrastructure and prevent future abuse.
The company is working with major telecom providers including AT&T, T-Mobile, and Verizon to stop phishing messages before they reach users.
Google General Counsel Halimah DeLaine Prado emphasized that legal action alone will not solve the problem, writing, “Litigation alone won’t end this. As threats evolve, our laws must, too.”
SQ Magazine Takeaway
I think this case shows how quickly cybercrime is evolving in the AI era. What once required skilled hackers can now be packaged into subscription services that almost anyone can use. The most concerning part is not just the scale of the fraud but how AI is helping criminals create convincing scams faster than ever before.
The FBI’s action against Outsider Enterprise is a significant win, but it also serves as a warning. As AI tools become more powerful and accessible, both companies and consumers will need stronger defenses against increasingly sophisticated phishing attacks.
