FBI Disrupts AI-Powered Phishing Service with 1 Million URLs

"Our civil lawsuit targets an organized cybercrime operation known as the 'Outsider Enterprise'. Based in China and coordinating through Telegram, this network distributes 'phishing kits' that allow criminals to blast out fake text campaigns that look like they’re from Google and other trusted brands," Google says.

The takedown: FBI, Google, and Black Lotus Labs move to dismantle Outsider Enterprise

In a coordinated action, the FBI, working with Google and Black Lotus Labs, dismantled a large-scale phishing-as-a-service operation the partners have named Outsider Enterprise. The technical phase of the disruption seized multiple administration servers, a Shopify e-commerce storefront used by the operation, and an account the threat actor used to test the phishing service. Authorities also took control of a Telegram bot linked to Outsider Enterprise that contained information on customers of the phishing service.

Financially, investigators seized roughly $100,000 in USDT from Outsider payment wallets. Thousands of phishing domains that the threat actor registered at U.S. providers are now redirecting to an FBI splash page. The action is part of the FBI's larger Operation Riptide that targets cybercrime activity and infrastructure.

Scale and technique: AI-assisted phishing, distributed kits, and SMS campaigns

Google tied the operation to roughly 9,000 fake websites and said Outsider Enterprise generated more than a million fraudulent URLs. The service has been active since at least 2023 and used AI and distributed phishing kits to run campaigns impersonating trusted brands. Those campaigns included SMS text messages sent through AT&T, T-Mobile, and Verizon and relied on mass distribution to reach potential victims.

Over a two-week period in May, Google reports the Outsider infrastructure sent 2.5 million SMS messages to Android users; Android users flagged 55,000 of those messages as fraudulent. Google said the AI-assisted phishing operation has impacted hundreds of thousands of users worldwide.

Financial consequences: card theft and estimated losses

Authorities believe phishing campaigns powered by Outsider Enterprise led to the theft of more than 3.8 million credit card records. That theft is associated with an estimated $1.9 billion in losses. Separately, Google estimates that hundreds of thousands of victims lost millions to these scams—figures the company used to justify combined technical, legal, and policy responses.

Legal strategy and industry coordination

Google has filed a civil lawsuit targeting Outsider Enterprise’s infrastructure and said it is coordinating with AT&T, T-Mobile, and Verizon to block fraudulent messages before they reach subscribers. The company described its approach as pairing "aggressive legal action and collaboration with federal and state governments" to disrupt the network distributing phishing kits.

Google is also advocating for seven bipartisan U.S. anti-scam bills, including the Stop SCAMS Act. The Stop SCAMS Act would require the FBI to lead a coordinated national anti-scam strategy that brings together federal agencies, law enforcement, and private companies to better track, disrupt, and prevent fraud and scam operations.

What this means for technologists, policymakers, and end users

  • Technologists and security teams: Outsider Enterprise shows that AI can be folded into distributed phishing kits at scale. Security teams will need to account for high-volume SMS phishing in their detection and response plans and consider coordination points with the providers and platforms that host domains and payment flows.
  • Policymakers and regulators: The operation has sharpened industry calls for legal tools and a national anti-scam strategy. Google’s push for bills such as the Stop SCAMS Act signals a preference for statutory coordination led by the FBI, coupled with civil litigation to disrupt infrastructure.
  • End users and telecoms: Google highlighted built-in Android protections—AI-powered defenses that include scam detection for calls and messaging protections that the company says block more than 10 billion malicious messages every month. Meanwhile, AT&T, T-Mobile, and Verizon are coordinating with Google to block fraudulent SMS before delivery to subscribers.

The takedown of Outsider Enterprise represents a blended response: technical seizure of infrastructure and funds, civil legal action, and operational coordination with telecommunications providers. It also underscores a persistent disparity — law enforcement seized about $100,000 in cryptocurrency even as investigators link the network to $1.9 billion in estimated losses and 3.8 million stolen card records. Whether the combined technical, legal, and policy steps now being pursued will blunt AI-assisted phishing at scale remains an open, consequential question.

Source: BleepingComputer — FBI disrupts massive AI-powered phishing service using a million URLs