-1.png?w=1024)
Google’s own AI helped scale a massive phishing operation. Now the company wants the operation legally dismantled.
According to Google, an alleged China-based cybercrime platform used Gemini and other AI platforms to support a phishing ecosystem responsible for millions of scam texts and thousands of fake websites impersonating trusted services. The company is now asking a court to shut down the operation, arguing that the group's use of AI helped turn a familiar cybercrime tactic into something far larger, simpler, and more efficient.
The lawsuit raises one of the biggest questions hanging over the AI boom: what happens when the same tools built to boost productivity start helping criminals scale fraud?
A look inside an AI-powered scam operation
The operation centered on a cybercrime group based in China and known as Outsider Enterprise. The group built a massive phishing network focused on impersonation and fraud.
According to Google, the group sent 2.5 million scam text messages to Android users over a two-week period. It launched 9,000 sham websites designed to trick victims into handing over sensitive personal and financial information. Google says the group also deployed 1 million fake domains, with several of these domains seized alongside fake Shopify accounts.
The tech giant says Outsider Enterprise used AI to simplify its operations, with Gemini playing a supporting role in the scheme. The company alleges that members of the operation used these AI platforms to scale phishing and deceive users under the guise of telecom providers, financial institutions, government agencies, and retailers.
Court filings also point to instructional material that showed other scammers how to create and refine phishing infrastructure. In Google's own framing, operatives of Outsider Enterprise not only ran widespread phishing attacks, but they also created Outsider. This "phishing-for-dummies" subscription tool costs $88 per week and $200 per month.
The result, Google argues, was a fraud operation capable of producing convincing scams at a scale that would have traditionally required significantly more time, expertise, and human resources. While phishing itself is hardly new, the company says the group's use of AI helped expand the familiar tactic.
How Outsider Enterprise’s phishing network worked
Google says the operation works with other member groups.
Some create and maintain more than 290 phishing templates used, while others provide target lists from public records, social media, and data-breach sources. Another group provides the tools and infrastructure for bulk scam texts, including smartphones, SIM cards, and modems. A fourth group handles the monetization and laundering of stolen funds.
In a statement to TechCrunch, a Google spokesperson said the platform has been active since at least July 2023. Since then, “an estimated 3,870,000 stolen credit cards and a corresponding estimated $1.9B in losses” have been made possible by hackers leveraging the platform.
The company also says that from Nov. 14, 2025, to April 14, 2026, over 1.59 million URLs were connected to Outsider Enterprise’s platform, indicating a high level of activity.
What is Google seeking
To help block spam operations, Google collaborated with network operators AT&T, T-Mobile, and Verizon. Shutting down the platform and seizing domains were made possible through coordination between Google, the FBI, and Lumen’s Black Lotus Labs.
However, Outsider Enterprise, like many others of its kind, doesn’t stop after disruptions like this. That is why Google has gone to court not only to seek compensatory and punitive damages, but also to have the court use its legal powers to dismantle the platform’s operations completely.
Also read: Security researchers at Permiso disclosed ChatGPhish, a prompt-injection issue that could cause attacker-controlled content to appear in ChatGPT summaries.