📰 Key Highlights

Google announced this Friday that it is suing a Chinese cybercrime group called “Outsider Enterprise,” demanding the complete takedown of its criminal infrastructure. According to Google’s accusations, the group set up 9,000 fake websites, registered over one million fraudulent domains, and sent 2.5 million phishing text messages to Android users within just two weeks — with 55,000 of those actively reported by users in May alone, averaging more than two reports per minute.

At the core of Outsider Enterprise is a phishing-as-a-service (PhaaS) software platform called “Outsider,” priced at $88 per week or $200 per month, which anyone can operate without any technical background. The platform uses AI tools, including Google’s own Gemini, to automatically generate fake websites that impersonate telecom providers, financial institutions, government agencies, and retailers. These sites trick victims into entering passwords, multi-factor authentication codes, and credit card details, which are instantly forwarded to the scammers.

Since July 2023, this platform has helped criminals steal an estimated 3.87 million credit cards, causing approximately $1.9 billion in losses, with the number of victims reaching “hundreds of thousands.” The FBI, in coordination with Google and Black Lotus Labs (a division of Lumen), has seized multiple domains and Shopify store accounts involved in the operation. Google stated that it has deployed AI anti-fraud tools, blocking over 10 billion scam messages per month, and continues to collaborate with AT&T, T-Mobile, Verizon, and the FBI.


💬 JudyAI Lab’s Take

What makes Google’s lawsuit against “Outsider Enterprise” most noteworthy is the systematic weaponization of AI tools by criminals — 9,000 fake websites set up in two weeks, with more than two phishing reports per minute, a speed that completely exceeds human review capabilities.

This case reveals a crack that the AI builder community must confront: Outsider’s PhaaS platform itself uses AI — including Gemini — to automatically generate fake websites, allowing people with no technical background to launch large-scale attacks for just $88 per week. AI has significantly lowered the barrier to attack, while also forcing defenders to respond with even faster AI. Google’s monthly blocking of over 10 billion scam messages shows that defense at scale is possible. We’ve observed that when crime-as-a-service starts integrating generative AI, “trust boundary” design must take priority over feature iteration.

If you’re developing any AI application involving brand representation or user authentication, it’s worth asking now: Could your tool be used to clone itself? This isn’t hypothetical — based on this case, the answer is almost certainly yes.

