Google sues Chinese cybercrime ring that used AI to scam hundreds of thousands of victims

BitcoinWorld

Google sues Chinese cybercrime ring that used AI to scam hundreds of thousands of victims

Google has filed a lawsuit against an alleged Chinese cybercrime network, Outsider Enterprise, accusing the group of using artificial intelligence to power a massive phishing operation that scammed hundreds of thousands of victims. The tech giant announced the legal action on Friday, detailing a sophisticated scheme that involved AI-generated fake websites, bulk scam text messages, and stolen financial credentials.

How the AI-powered scam operated

According to Google’s complaint, Outsider Enterprise developed a turnkey software platform called Outsider, which it describes as a “phishing-for-dummies” toolkit. The software, priced at $88 per week or $200 per month, allows cybercriminals with limited technical expertise to create convincing fake websites that impersonate brands like Google, telecom providers, financial institutions, and government agencies. The platform leverages AI, including Google’s own Gemini, to generate code and website templates rapidly.

The group deployed more than 9,000 fake websites and one million fraudulent web domains. In a two-week period this past May, Android users flagged 55,000 spam texts — more than two complaints per minute. Google said it intercepted over 10 billion scam messages monthly using its own AI-powered detection tools.

Massive scale of financial losses

The operation caused estimated losses in the millions, with “hundreds of thousands of victims” worldwide. The FBI, which coordinated with Google and Lumen’s Black Lotus Labs, seized several domains and Shopify storefronts used by the criminals. An FBI spokesperson told Bitcoin World that since July 2023, the phishing platform enabled the theft of at least 3.87 million stolen credit cards, corresponding to an estimated $1.9 billion in losses.

Google’s complaint revealed that the cybercriminals stole at least 36,000 payment cards issued by financial institutions across 95 countries. The stolen data included passwords, multi-factor authentication codes, and credit card numbers, transmitted in real-time through the Outsider platform.

Inside the criminal network’s structure

Google’s investigation uncovered a highly organized operation with specialized roles: developers who maintain the phishing software, data brokers who supply target lists from public records and data breaches, spammers who operate smartphone banks and SIM cards to send bulk texts, and money launderers who monetize stolen credentials. The group coordinated openly on Telegram channels, sharing strategies and training each other.

The Outsider software offered more than 290 pre-built templates that could generate replicas of legitimate websites in minutes. The criminals also used Google Drive and Google Cloud infrastructure to host phishing sites, a fact Google highlighted in its complaint.

Legal action and industry collaboration

Google is seeking compensatory and punitive damages, along with a court order to shut down the operation. The company accused the defendants of impersonating Google and its brands, copyright infringement, racketeering, wire fraud, and false advertising. Google has been collaborating with AT&T, T-Mobile, and Verizon to block scam texts, and is coordinating with the FBI.

The lawsuit underscores the growing threat of AI-enabled cybercrime, where generative AI tools lower the barrier for attackers to create convincing phishing campaigns at scale. Google’s use of AI to counter these threats — detecting and alerting users to suspicious calls and messages — represents an escalating arms race between security teams and cybercriminals.

Why this matters for consumers

This case highlights the importance of vigilance against unsolicited text messages, even those that appear to come from trusted brands. Consumers should avoid clicking links in unexpected texts, enable multi-factor authentication where possible, and report suspicious messages to their mobile carrier and platforms like Google. The scale of the operation — with millions of phishing URLs detected in a five-month period — shows that AI-powered scams are becoming more sophisticated and harder to detect.

FAQs

Q1: What is Outsider Enterprise?
Outsider Enterprise is an alleged Chinese cybercrime network that developed and sold a phishing software platform called Outsider. The platform allowed criminals to create AI-generated fake websites and send bulk scam text messages to steal passwords and credit card numbers.

Q2: How did AI play a role in this scam?
The Outsider software used AI, including Google’s Gemini, to generate code and website templates that mimicked legitimate brands. This enabled attackers with limited technical skills to create convincing phishing pages quickly and at scale.

Q3: What should I do if I receive a suspicious text message?
Do not click any links. Report the message to your mobile carrier and to Google (if using Android). Enable multi-factor authentication on your accounts and consider using a password manager. If you believe you have been scammed, contact your bank immediately and file a report with the FBI’s Internet Crime Complaint Center (IC3).

This post Google sues Chinese cybercrime ring that used AI to scam hundreds of thousands of victims first appeared on BitcoinWorld.