The Federal Bureau of Investigation, working alongside Google and Black Lotus Labs, has dismantled a large-scale Chinese phishing-as-a-service operation known as Outsider Enterprise.
According to investigators, the cybercrime network has been active since at least 2023 and operated thousands of phishing websites designed to steal credit card information, account credentials, and other sensitive data. The group used artificial intelligence to create and distribute phishing kits that enabled cybercriminals to launch text message scams impersonating trusted brands.
Authorities say the operation relied on SMS campaigns delivered through major U.S. carriers, including AT&T, T-Mobile, and Verizon.
Google linked the operation to more than 9,000 fake websites and over one million fraudulent URLs. Investigators believe the phishing campaigns resulted in the theft of more than 3.8 million credit card records, causing an estimated $1.9 billion in financial losses worldwide.
The coordinated disruption is part of the FBI’s broader Operation Riptide initiative, which targets cybercrime infrastructure and organized online fraud networks.
As part of the takedown, authorities seized multiple administration servers, a Shopify storefront used by the threat actors, and accounts used to test phishing campaigns. The FBI also confiscated approximately $100,000 in USDT from wallets connected to the operation and redirected thousands of phishing domains registered through U.S. providers to FBI warning pages.
Investigators additionally gained control of a Telegram bot used by Outsider Enterprise that contained information about customers who purchased access to the phishing service.
Google said the AI-assisted operation affected hundreds of thousands of users globally and has filed a civil lawsuit targeting the group’s infrastructure. The company is also collaborating with telecommunications providers to block fraudulent text messages before they reach subscribers.
In a statement, Google said Outsider Enterprise coordinated its activities through Telegram and distributed phishing kits that allowed criminals to launch large-scale SMS campaigns impersonating Google and other well-known brands.
During two weeks in May, Google identified 2.5 million scam text messages sent to Android users from infrastructure linked to the operation. Android users reported approximately 55,000 of those messages as fraudulent.
Google estimates that hundreds of thousands of victims have lost millions of dollars through these scams.
The company said it is combining legal action with government partnerships and is supporting several bipartisan U.S. anti-fraud proposals, including the Stop SCAMS Act. The proposed legislation would require the FBI to lead a coordinated national strategy involving federal agencies, law enforcement, and private companies to improve scam detection, disruption, and prevention efforts.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Google also highlighted existing AI-powered protections for Android users, including scam detection features that warn about suspicious calls and messaging protections that block more than 10 billion malicious messages each month.
FBI, Google Dismantle Massive AI-Powered Chinese Phishing Network Linked to $1.9 Billion in Losses
