- Legal Action: Google filed a lawsuit targeting alleged Outsider Enterprise scam infrastructure.
- Fraud Mechanism: The alleged operation used AI-assisted phishing kits, Telegram coordination, and fake brand websites.
- Android Scale: Google links the campaign to 55,000 flagged spam texts and 2.5 million related messages.
- Disruption Push: Google says it is working with the FBI and major carriers to block malicious texts.
Google has filed a civil lawsuit to target infrastructure tied to the alleged China-based scam operation it calls Outsider Enterprise. AI appears in the case as a content-generation tool for phishing kits and impersonation sites.
Google links the operation to hundreds of thousands of financially scammed victims, millions in estimated losses, 9,000 fake websites, and more than one million fraudulent URLs.
During a two-week period in May, Android users flagged 55,000 spam texts tied to the operation. Google also says 2.5 million related messages reached Android devices in that period.
Alleged Scam Infrastructure and Court Pressure
Outsider Enterprise is the name Google gives to the alleged scam operation. Google alleges the group is based in China, coordinates through Telegram, and distributes “phishing kits” for fake text-message campaigns that impersonate Google and other trusted brands. A phishing kit is a ready-made package for building fake pages that steal credentials or payment details, and smishing is text-message phishing that pushes those links toward victims.
Google appears is seeking an injunction request while the civil case proceeds.
The campaign appears to have used Gemini to create websites imitating Google, YouTube, the US Postal Service, and New York’s E-ZPass toll service.
Brett Leatherman, assistant director of the Federal Bureau of Investigation’s (FBI) Cyber Division, characterized the operation as a trusted-brand impersonation business that harmed hundreds of thousands of victims. Domains, kits, Telegram channels, and message paths become legal pressure points because the lawsuit can target infrastructure even if individual alleged operators remain outside easy reach.
Why AI Phishing Scales Across Mobile Channels
AI-assisted phishing can make convincing scams cheaper to create and easier to spread across channels. Hoxhunt’s 2026 phishing research covered more than 50 million data points and four million users, focusing on messages that bypassed other security filters. David Badanes, Human Risk Leader at Hoxhunt, said “AI has democratized high-quality phishing.”
Hoxhunt’s research uses information that bypasses all other security filters, which makes the dataset useful for understanding what end users actually see.
In Hoxhunt’s dataset, AI-generated phishing emails increased fourteenfold in December 2025. Phishing attacks are also spreading beyond email into LinkedIn, social media, WhatsApp, recruitment platforms, calendar invites, and callback scams.
Mobile users face a practical disadvantage because smaller screens hide full URLs and sender details, and reporting suspicious messages is harder on mobile devices. A 2025 case involving AI-generated phishing websites showed how generative tools can produce polished fake sign-in pages for trusted-brand impersonation. Attackers in that case abused Vercel’s v0 design tool and hosted convincing replicas on trusted infrastructure, which made visual inspection less reliable.
Google, the FBI and Carriers Push Disruption
Google is working with the FBI and carriers that include AT&T, T-Mobile, and Verizon. Google says that work is meant to block malicious texts before they reach users. Earlier phishing-as-a-service toolkits already showed how subscription models and Telegram distribution lowered the skill barrier for criminal campaigns.
2FA-style infrastructure in an earlier campaign intercepted credentials and session cookies, illustrating why ready-made kits can turn trusted-brand lures into account-takeover risks.
Leatherman tied the response to the way AI changes fraud operations.
“Criminals increasingly use AI to make fraud like this more convincing and harder to detect. Together with partners like Google, we can disrupt criminal networks in ways no single organization could on its own.”
Brett Leatherman, assistant director of the FBI’s Cyber Division (via Google)
A court ruling on Google’s restraining-order request will decide whether domain and delivery-channel pressure becomes part of the case before any findings on Outsider Enterprise’s operators or AI use.
