Google has filed a federal lawsuit against Outsider Enterprise, a Chinese cybercrime syndicate accused of leveraging the company’s own Gemini AI to automate sophisticated phishing campaigns. The legal action marks a significant escalation in Big Tech’s efforts to combat AI-enabled fraud.
Operating primarily through Telegram, Outsider Enterprise offered "phishing-as-a-service" to non-technical criminals. The group provided nearly 300 templates and instructions on using Gemini to generate fraudulent websites mimicking legitimate entities, including Google, YouTube, and New York’s E-ZPass system.
The scale of the operation was substantial. Google’s filing reveals that the network generated over 2.5 million malicious text messages sent to Android users, with approximately 55,000 dispatched in a single two-week period last month. Investigators have identified 9,000 fake websites and one million associated URLs linked to the scheme.
Victims received texts alleging account issues or delivery problems. Clicking the links directed them to AI-generated sites designed to harvest personal data and banking credentials. While Google did not specify total financial losses, it confirmed hundreds of individuals suffered monetary theft.
In response, Google collaborated with major carriers AT&T, Verizon, and T-Mobile to block malicious traffic. The tech giant also highlighted its on-device scam detection in Google Messages, which currently intercepts an estimated 10 billion scam texts monthly, likely mitigating further damage from this specific network.