Google has filed a lawsuit against Outsider Enterprise, a China-based cybercrime network accused of running an AI-powered phishing operation that targeted Android users through text messages and fake websites. The company alleges the group used Google's Gemini AI to build fraudulent websites impersonating Google, YouTube, and government agencies, operating a phishing-as-a-service model via Telegram. Google said the network was linked to 9,000 fake websites, more than 1 million fraudulent URLs, and 2.5 million text messages sent to Android users, with about 55,000 spam texts flagged during a two-week period in May. This marks the first case in which Google has taken direct legal action against a group accused of using Gemini as part of a scam workflow. The lawsuit highlights the shift from abstract AI misuse concerns to documented fraud operations, as generative AI tools lower technical barriers for criminals seeking to scale phishing campaigns.
Outsider Enterprise Operated Phishing-as-a-Service via Telegram
Google said the group operated through Telegram and offered phishing-as-a-service tools to criminals who did not need advanced technical skills. The network allegedly provided instructions for using Google's Gemini AI to build fraudulent websites that imitated Google, YouTube, and government agencies, including New York's E-ZPass system.
Google said the group offered nearly 300 scam templates and was tied to 9,000 fake websites and more than 1 million fraudulent URLs. The campaign resulted in more than 2.5 million text messages being sent to Android users, including about 55,000 spam texts flagged during a two-week period in May.
The messages often warned users about account problems, package issues, toll payments, or other urgent claims. Victims who clicked the links were sent to fake websites designed to look legitimate, where attackers attempted to steal personal information, banking details, and payment credentials.
Gemini AI Allegedly Used to Generate Fraudulent Websites at Scale
The alleged use of generative AI changes the economics of phishing. Fraud pages that once required manual design work can now be produced faster, adapted across brands, and deployed through ready-made templates. That lowers the barrier for less technical criminals and allows scam networks to scale campaigns across thousands of URLs.
For technology companies, the case also highlights a difficult product tension. AI systems are built to follow instructions and generate polished outputs, but those same capabilities can be misused to produce convincing fake websites, customer-service messages, and brand impersonation pages. Stronger guardrails can reduce abuse, but attackers often look for indirect prompts, template reuse, or external workflows that bypass detection.
Google Coordinates with FBI and Telecom Carriers to Block Malicious Messages
Google said it is working with the FBI's cybercrime division on a parallel criminal investigation and has also coordinated with AT&T, Verizon, and T-Mobile to block malicious text messages linked to the campaign.
The company also pointed to its own product defenses. Google said its messaging tools intercept more than 10 billion malicious messages each month, while Android scam detection can flag suspicious calls and contacts in real time. Those defenses may have limited the number of successful phishing attempts, although Google did not estimate how much money was stolen through the Outsider Enterprise campaigns.
The challenge is that the group's operators remain unidentified. Even if names are eventually established, enforcement becomes harder when the alleged perpetrators are outside the United States. Google can pursue fraudulent domains, Telegram accounts, hosting infrastructure, and related assets, but the underlying operation may shift to new brands, new domains, or new delivery channels.
"Criminals increasingly use AI to make fraud like this more convincing and harder to detect," Brett Leatherman of the FBI Cyber Division said.
Google Backs Federal Legislation Targeting AI-Assisted Scams
Google is using the lawsuit to renew support for federal legislation aimed at AI-assisted scams, market manipulation, and public awareness. The company has backed several bipartisan proposals, including the National Strategy for Combating Scams Act, the Strategic Task Force on Scam Prevention Act, the AI Plan Act, and the Stop SCAMS Against Seniors Act.
Most of the proposed legislation would direct federal agencies to coordinate more closely on AI-enabled fraud, establish task forces, or improve public education around malicious uses of AI. That approach reflects a growing view that fraud prevention cannot be handled only through private platform moderation or after-the-fact lawsuits.
The broader policy problem is that AI-generated scams will become harder to identify as models improve. Public awareness campaigns may help users recognize common tactics, but attackers are likely to keep refining messages, pages, and impersonation techniques. That leaves large technology firms facing a dual burden: building AI products that people want to use while preventing those same tools from becoming infrastructure for industrial-scale fraud.
FAQ
What did Google accuse Outsider Enterprise of doing?
Google accused Outsider Enterprise, a China-based cybercrime network, of running an AI-powered phishing operation that used Google's Gemini AI to create fake websites impersonating Google, YouTube, and government agencies. The group allegedly operated a phishing-as-a-service model via Telegram, providing nearly 300 scam templates to criminals. Google said the network was linked to 9,000 fake websites, more than 1 million fraudulent URLs, and 2.5 million text messages sent to Android users.
How is Google working to disrupt the phishing operation?
Google said it is working with the FBI's cybercrime division on a parallel criminal investigation and has coordinated with AT&T, Verizon, and T-Mobile to block malicious text messages linked to the campaign. The company also stated that its messaging tools intercept more than 10 billion malicious messages each month, and Android scam detection can flag suspicious calls and contacts in real time. Google is pursuing fraudulent domains, Telegram accounts, and hosting infrastructure associated with the network.
What federal legislation does Google support to combat AI-assisted scams?
Google has backed several bipartisan proposals, including the National Strategy for Combating Scams Act, the Strategic Task Force on Scam Prevention Act, the AI Plan Act, and the Stop SCAMS Against Seniors Act. Most of the proposed legislation would direct federal agencies to coordinate more closely on AI-enabled fraud, establish task forces, or improve public education around malicious uses of AI.
