Key Takeaways

  • Google filed suit against Outsider Enterprise after uncovering extensive AI-enabled phishing and smishing activity.
  • The company reported 9,000 fake websites, 1 million fraudulent web domains, and 2.5 million scam texts sent in two weeks.
  • Collaboration with the FBI, AT&T, T-Mobile, and Verizon played a central role in disrupting parts of the operation.

Google filed a lawsuit to dismantle the infrastructure behind Outsider Enterprise, an alleged Chinese cybercrime network utilizing artificial intelligence to scale phishing and smishing campaigns. The lawsuit outlines a sprawling network that used AI to mimic trusted brands, generate fraudulent websites, and distribute large volumes of scam text messages aimed at stealing passwords and credit card numbers.

According to Google's complaint, the operation achieved massive scale rapidly. Outsider Enterprise allegedly deployed 9,000 fake websites and 1 million fraudulent web domains, and delivered 2.5 million scam texts to Android users within a two-week period. During two weeks in May, Android users flagged 55,000 of these spam texts.

An FBI spokesperson told TechCrunch, in coverage echoed by Engadget, that the Outsider platform enabled cybercriminals to steal an estimated 3,870,000 credit cards, resulting in approximately $1.9 billion in losses since July 2023. The group offered software that allowed operators to use AI models, including Google's own Gemini, to generate replicas of legitimate services from telecom providers, financial institutions, and government agencies.

AI-enabled impersonation makes traditional phishing indicators increasingly difficult to detect, challenging identity verification practices outlined by organizations like CISA and within the NIST Cybersecurity Framework. To counter these AI-generated lures, Google reported using its own AI-powered tools to intercept more than 10 billion scam messages a month by detecting anomalous text patterns and fraudulent domain registrations.

Google collaborated directly with AT&T, T-Mobile, and Verizon to block the malicious text traffic, while coordinating takedown efforts with the FBI. In conjunction with Google and Lumen's Black Lotus Labs, the FBI seized several domains utilized by the cybercriminals, along with Shopify storefronts and testing accounts linked to the phishing service.

Broader industry analysis from Gartner and Forrester highlights that email defenses alone are insufficient when attackers adopt alternative channels like SMS for AI-enabled social engineering. This aligns with recurring findings in the Verizon DBIR, which consistently identifies social engineering and credential misuse as primary breach vectors—tactics heavily utilized in the Outsider Enterprise campaign.

The scale of the Outsider Enterprise operation illustrates how smishing has evolved into a systematic enterprise threat. An infrastructure capable of deploying 1 million fraudulent URLs in a tight window allows attackers to easily target businesses by replicating single sign-on portals and multi-factor authentication prompts with AI-generated templates.

Through its lawsuit, Google seeks to legally dismantle the foreign-based cybercrime network and halt its operations. The company's complaint lays out evidence against the unidentified operators who built and maintained the turnkey software suite, which they used to enrich themselves by defrauding victims.

The Outsider Enterprise infrastructure functioned as a highly organized ecosystem. Operators collaborated to send malicious text messages and purchase ads to lure targets to fraudulent properties designed to steal passwords, multi-factor codes, and financial information. This division of labor reflects the broader professionalization of cybercrime ecosystems previously documented by researchers at MIT.

The Outsider software was sold as a subscription service, costing $88 per week or $200 per month. This pricing model indicates the platform was explicitly designed for high-volume attacks. Operators utilized communication platforms like Telegram to coordinate their campaigns, while exploiting cloud infrastructure, including Google Drive and Google Cloud, to host various phishing assets.

For enterprise security teams, the rapid evolution of these AI-enabled threats reinforces the need to incorporate advanced behavioral analytics and text analysis into mobile threat defenses. Organizations continue to rely on updated frameworks like the NIST CSF and active guidance from CISA to implement practical defensive steps against these automated attacks.

The collaboration between Google, major telecom carriers, and the FBI demonstrates a coordinated strategy to disrupt specific cybercrime infrastructure rather than relying solely on network-level filtering. By dismantling the domains, testing accounts, and storefronts utilized by Outsider Enterprise, this multi-stakeholder enforcement action directly targets the financial and operational mechanisms powering modern AI-driven phishing campaigns.