Google is suing an alleged criminal operation based in China that it says used AI tools, including its own Gemini platform, to power a sprawling phishing enterprise responsible for millions of dollars in fraud and more than a million scam websites.
The lawsuit, filed in the U.S. District Court for the Southern District of New York, accuses a network known as the “Outsider Enterprise” of operating a sophisticated “phishing-as-a-service” platform that enabled criminals with little or no technical expertise to rapidly create convincing scam websites impersonating trusted companies, financial institutions, toll agencies, and government entities.
Recommended Stories
Google said the lawsuit marks the first time it has legally pursued bad actors allegedly misusing Gemini to facilitate scams against U.S. consumers. The company is also coordinating with the FBI and major telecom carriers including Verizon, AT&T, and T-Mobile in what it described as a broader effort to disrupt AI-driven fraud operations.
“You’ve seen the texts: fake package alerts, urgent bank warnings, panicked messages about your compromised account,” Google general counsel Halimah DeLaine Prado wrote in a blog post published alongside the lawsuit. “Behind them is an AI-powered cybercrime network built to steal your passwords and credit cards. Today, we’re fighting back.”
According to the complaint, the “Outsider” software suite allowed scammers to generate fraudulent websites using more than 290 prebuilt templates mimicking legitimate businesses and government agencies, including brokerage firms, mobile phone carriers, shipping companies, state DMVs, New York E-ZPass, and New York City government services.
The software allegedly enabled scammers to launch phishing campaigns for subscription fees as low as $88 per week while offering real-time dashboards, keystroke logging, automated credential harvesting, and tools to bypass multifactor authentication protections.
Google alleges the criminal network weaponized AI tools by using Gemini and other AI platforms to generate website code that could then be imported into the Outsider software and transformed into phishing sites.
“The Enterprise encourages scammers to use AI platforms, such as Google’s Gemini, to write the custom code necessary to create their shell websites,” the complaint states. “Using this method, Enterprise members can create convincing duplicates of virtually any legitimate website in minutes.”
The lawsuit includes screenshots from tutorial videos allegedly distributed within the operation and shows scammers prompting Gemini to create HTML code for “gift redemption” pages before importing the code into the phishing platform.
Google said the scale of the operation was “astonishing.” In the five-month period between November 2025 and April 2026 alone, the company said it detected more than 1.59 million URLs linked to the operation.
The company’s accompanying blog post said the operation generated more than 9,000 fake websites and over 1 million fraudulent URLs, while Android users flagged roughly 55,000 spam texts linked to the campaign during a two-week period in May. Google also said it detected 2.5 million messages sent to Android users containing links to what appeared to be Outsider-generated scam sites during that same period.
The complaint alleges the network operated through encrypted Telegram channels in which members collaborated on phishing attacks, sold access to victim data, coordinated mass text messaging campaigns, and distributed updates to the phishing software. Google identified one Telegram account, “@sinkinto01,” as allegedly tied to the developers behind the latest version of the software. According to the lawsuit, the group released the current version of Outsider in July 2025 and has since issued at least 75 updates to improve performance and evade fraud detection systems.
The company also alleged the scammers abused Google infrastructure itself. The complaint says the operation at one point integrated Google Drive functionality into the software to back up stolen financial and personal information directly to cloud storage accounts. Google said it later identified and blocked those accounts.
In addition to the lawsuit, Google announced support for seven bipartisan anti-scam bills, including legislation focused specifically on AI-enabled fraud. The bills include the National Strategy for Combating Scams Act, the STOP Scams Against Seniors Act, and the SCAM Act.
The FBI said the case highlights how artificial intelligence is accelerating the sophistication of cyber fraud schemes.
“The criminals behind the Outsider Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims,” said FBI Cyber Division Assistant Director Brett Leatherman. “Criminals increasingly use AI to make fraud like this more convincing and harder to detect. Together with partners like Google, we can disrupt criminal networks in ways no single organization could on its own.”
Telecommunications companies also framed the lawsuit as part of a growing industrywide effort to combat AI-powered scams.
“As cybercriminals increasingly leverage advanced technologies like AI to execute sophisticated text-messaging scams, defeating these threats requires a unified, cross-industry response,” Verizon Chief Information Security Officer Nasrin Rezai said in a statement.
AT&T Chief Information Security Officer Rich Baich said the company already blocks or labels “billions of robocalls and spam texts every month using AI” and works with law enforcement to track spam operations to their source.
T-Mobile Executive Vice President and Chief Information Officer Jeff Simon said scammers were “moving faster and using more advanced tools,” adding that carriers were investing in “network-level protections and partnerships” to counter increasingly sophisticated phishing schemes.
Google said the lawsuit is part of a broader strategy combining legal action, product security defenses, and industry coordination. The company said its Android messaging systems already intercept more than 10 billion malicious messages every month and that Safe Browsing warnings significantly reduced traffic to phishing sites connected to the operation.
The complaint seeks damages and injunctive relief under the Racketeer Influenced and Corrupt Organizations Act, or RICO, and the Lanham Act.
