Google Sues China-Based Outsider Enterprise Over AI-Generated Phishing Sites and 1.5 Million Fraudulent URLs

Google has filed a civil lawsuit against a China-based network it calls Outsider Enterprise, saying the group used Gemini and other AI models to mass-produce phishing pages and scam texts. For PSPs and acquirers, the point is simple: the fraud factory is no longer limited by human production capacity, which changes both volume and speed.

1. According to Google’s complaint, filed in Manhattan federal court, Outsider Enterprise is linked to more than 9,000 fake websites and over 1.5 million fraudulent URLs. TechCrunch reported that Google says the network used Gemini and other AI tools to generate phishing sites at scale.
2. In a Friday, June 12 blog post announcing the lawsuit, Google said Android users flagged 55,000 spam texts tied to the operation during a two-week stretch in May. That works out to more than two complaints a minute, which is a useful reminder that phishing campaigns can hit infrastructure and support teams in bursts, not just in a steady trickle.
3. Google’s filing says members of Outsider Enterprise prompted AI models with requests framed as ordinary coding tasks. One cited example asked an AI model to write code for a gift redemption page, then used that output to turn it into a live scam site. The complaint says the platform bundled more than 290 prebuilt templates copying banks, telecom carriers, retailers and government agencies.
4. Google said the group sold access to a subscription-based “phish kit” for as low as $88 a week. According to the complaint, users could use it to create fraudulent websites, launch phishing campaigns, and steal credit card numbers, bank account credentials and personal data.
5. The complaint says the network operated like a business: one group built and maintained the phishing software and templates, another gathered target lists from public records, social media and past data breaches, a third handled SIM cards and modems for bulk text delivery, and a fourth monetized stolen credentials and laundered the proceeds through Telegram-coordinated channels.

TechCrunch reported that the FBI said Outsider Enterprise’s phishing platform has enabled the theft of at least 3.87 million credit card numbers and about $1.9 billion in losses since July 2023. Google said the recent campaign alone hit hundreds of thousands of victims, with losses estimated in the millions. The payment-industry takeaway is that AI is now part of the tooling for carding and credential theft, not just a novelty on the margin.