Google sues to dismantle Outsider Enterprise, alleging AI-powered phishing ring stole millions
Google accuses Outsider Enterprise of running an AI-powered phishing operation that used fake sites and millions of scam texts to steal payment data and credentials.
Google on Friday filed a lawsuit seeking to dismantle what it describes as Outsider Enterprise, an alleged cybercrime network that used AI-driven tools to produce fraudulent websites and send massive volumes of scam text messages. The complaint says the campaign impersonated Google and other major brands to harvest passwords, multifactor authentication codes and payment information from victims worldwide.
Scope of the alleged campaign
Google says the Outsider Enterprise operation reached millions of potential victims through a combination of web domains, cloned sites and text-message campaigns. The company reported detecting thousands of fraudulent URLs and a concentrated burst of attack activity that included millions of messages sent to Android users in a narrow time window.
In its filings, Google described coordinated activity that produced thousands of near-identical landing pages and advertising placements designed to steer recipients into disclosing sensitive credentials. The company estimates that the criminal platform produced a high volume of spoofed materials, and it says user reports of spam surged in recent months.
Allegations about the Outsider phishing platform
According to the complaint, Outsider Enterprise offered a turnkey phishing service that required little technical skill to operate. Google says the platform provided pre-built website templates, real-time dashboards and instructions that leveraged AI to quickly assemble convincing imitations of banks, telecoms, government portals and retailers.
The suit describes the product as a paid service, priced by subscription, that was marketed inside encrypted messaging channels where operators exchanged tactics and customer lists. Google alleges the toolchain automated large parts of site generation and enabled attackers to collect credentials and multifactor codes as victims entered them, with data relayed back to the fraud operators in real time.
Scale of the alleged losses and stolen data
Google and law-enforcement statements outline a broad scope of alleged theft and financial harm tied to the platform. The FBI, in coordination with Google and Lumen’s Black Lotus Labs, has seized domains and storefronts tied to the operation and provided estimates of card fraud and monetary losses associated with the collective activity.
In filings and public statements, authorities say the platform has been connected to hundreds of thousands of victims and that cybercriminals using the service trafficked in millions of stolen payment records. Google’s complaint also details monitoring that uncovered more than a million URLs connected to the enterprise across a multi-month period, signaling a substantial, distributed infrastructure.
Industry and law-enforcement response
Google says it has used its own AI-based detection systems to identify and block fraudulent communications, and that those systems contribute to intercepting billions of scam messages each month. The company is also working with U.S. wireless carriers to limit delivery of scam texts and has coordinated evidence-sharing with federal investigators.
Carrier partners named by Google joined efforts to disrupt text delivery, and domain operators, assisted by law enforcement, took part in seizing portions of the network. The FBI confirmed involvement in domain seizures and described collaborative action to identify accounts and infrastructure used to test and monetize the phishing platform.
Allegations of impersonation and legal claims
The lawsuit accuses the operators behind Outsider Enterprise of impersonating Google and other companies, infringing copyrights and engaging in racketeering and wire fraud. Google is seeking both compensatory and punitive damages, as well as court orders barring the accused parties from continuing to operate the service and compelling hosting providers and infrastructure operators to stop supporting the sites.
The complaint includes allegations that the enterprise employed a multi-tiered criminal supply chain: developers who build and maintain the phishing software, groups that assemble target lists, spammers who supply bulk messaging infrastructure, and money mules who launder proceeds from stolen credentials and payment cards.
The company additionally points to the use of mainstream cloud services and drive-hosting platforms to host fraudulent pages, and to the exploitation of legitimate advertising channels as part of the scheme to steer victims to counterfeit sites.
Google says its monitoring detected concentrated surges of spam reporting from Android users during May, and that the company’s security systems alerted carriers and law enforcement as the activity spiked. Those internal detections helped surface infrastructure tied to the alleged network and underpinned the civil complaint now before the court.
Despite the sweeping allegations, the defendants named in Google’s filings are characterized as foreign-based and largely anonymous, and the lawsuit seeks judicial authority to force disclosure and disable the techniques the company says have enabled the fraud.
Law-enforcement officials noted that investigations into similar criminal platforms can take months of cross-border cooperation and forensic work. Authorities will likely rely on domain seizures, financial tracing and provider cooperation to further disrupt and attribute the activities described in the complaint.
Outsider Enterprise’s alleged model — selling turnkey phishing services and coordinating via messaging channels — highlights an evolution in cybercrime where lower technical barriers and readily available AI tooling can scale social-engineering attacks. The legal action seeks to undercut that business model by targeting the infrastructure and contractual relationships that made the alleged abuse possible.
As the case proceeds, courts will weigh Google’s claims and the scope of relief requested against issues of jurisdiction and evidence preservation. In the meantime, Google and its partners are urging users to remain vigilant about unsolicited texts and to use multifactor protections that do not rely on SMS where possible.