Google has taken legal action to dismantle the infrastructure of what it describes as a large-scale cybercrime operation fueled by artificial intelligence. The tech giant announced a lawsuit on Friday targeting a suspected Chinese cybercrime network known as Outsider Enterprise, which allegedly uses AI to send scam text messages impersonating Google and other brands, aiming to steal passwords and credit card numbers. According to Google, this operation has financially defrauded "hundreds of thousands of victims," resulting in losses "estimated in the millions." The group reportedly created 9,000 fake websites, one million fraudulent web domains, and sent 2.5 million texts to Android users within just two weeks. Google noted that "55,000 spam texts were flagged by Android users in just two weeks this past May—that's more than two text spam complaints a minute."

Google stated that it employs "AI-powered tools to fight AI-powered scams," enabling the company to detect fraudulent activities and alert users to suspicious calls and text messages. This approach has led to the interception of over 10 billion scam messages monthly. The company has been working with AT&T, T-Mobile, and Verizon to block these scam texts and is coordinating with the FBI. A Google spokesperson said that since July 2023, Outsider Enterprise's phishing platform has allowed cybercriminals to steal "at least an estimated 3,870,000 stolen credit cards and a corresponding estimated $1.9B in losses."

**Inside Outsider Enterprise**

In the complaint filed with the lawsuit, Google detailed the evidence it has gathered against individuals involved in Outsider Enterprise, whom it describes as foreign-based cybercriminals whose true identities remain unknown. The group "built, maintains, and uses a turn-key, online software suite that enables criminals, regardless of technical skill, to publish fraudulent websites designed to rob victims and enrich themselves," according to the complaint. Google referred to this software as a "phishing-for-dummies" tool called Outsider, which costs $88 per week or $200 per month. It allows operators to create fake websites using AI platforms, including Google's own Gemini. These fake sites impersonate various services and companies, such as telecom providers, financial institutions, government agencies, and retailers. To lure victims, the cybercriminals collaborate to send malicious text messages or purchase ads. Their common goal is to steal passwords, multi-factor authentication codes, and financial information by capturing data that victims enter into the fake websites, which is then transmitted through Outsider's platform in real time.

"Part of the Outsider software's appeal is the ease with which someone with limited technical expertise—like many members of the Enterprise—can purchase the software, execute various phishing attacks, and, upon purchase, meet other members of the Enterprise who are proficient in other areas," Google wrote, referencing Telegram channels where the cybercriminals collaborate, train each other, discuss strategies, and develop phishing attacks. "The Enterprise brazenly coordinates its efforts in open and largely uncoded discussions on Telegram."

According to Google, the Outsider platform allegedly offers cybercriminals "more than 290 pre-built templates that mimic the legitimate websites," enabling them to generate replicas of real websites "in minutes." It also provides guides on how to "weaponize AI-generated code" and a dashboard to track the progress of phishing campaigns. The cybercriminals have reportedly used Google Drive and Google Cloud infrastructure to host the phishing websites. "The Outsider software has been used to create over a million phishing websites to swindle innocent victims out of millions of dollars," Google wrote in the complaint. To illustrate the scale of Outsider Enterprise's operation, Google noted that over a five-month period, from November 14, 2025, to April 14, 2026, it detected more than 1.59 million URLs linked to the network. Google said the Outsider Enterprise operation consists of several groups: those who develop and maintain the phishing software and website templates; those who supply lists of targets curated from public records, social media, and data breaches; a "spammer group" that provides tools and infrastructure for bulk scam texts, including smartphone banks, SIM cards, and modems; and those who monetize stolen credentials and launder the stolen money.

The cybercriminals have stolen "at least 36,000 payment cards issued by financial institutions in 95 countries," according to Google. The company accused the individuals behind Outsider Enterprise of impersonating Google and its brands, copyright infringement, racketeering, wire fraud, and false advertising. Through the lawsuit, Google is seeking compensatory and punitive damages, as well as an order to halt the criminals' activities. This story was originally published at 10:26 a.m. PDT and has since been updated with new information from Google's complaint and the FBI's comment.