Google and the FBI have moved to dismantle one of the largest text message scam operations ever uncovered, a China based cybercrime network that turned Google's own Gemini AI into a phishing page factory. In a civil lawsuit filed in a Manhattan federal court on June 12, 2026, Google named the group Outsider Enterprise and accused it of running a phishing-as-a-service business, where the operators build the scam tools and rent them out, that let criminals around the world blast fraudulent texts at Americans for a weekly fee.
An industrial scale scam
The numbers are staggering. The FBI estimates that campaigns powered by the service stole 3.87 million credit card records and caused roughly 1.9 billion dollars in losses since July 2023. Google says it has linked the group to about 9,000 fake websites and more than a million fraudulent web addresses, and in a single two week stretch in May, Android users flagged 55,000 scam texts while the network pushed out around 2.5 million messages. More than 100,000 people are believed to have been scammed.
How it worked
Outsider sold a ready made phishing kit through a Telegram bot for 88 dollars a week or 200 dollars a month, putting convincing scams within reach of low skilled criminals. The messages used a technique known as smishing, phishing sent by SMS text, impersonating trusted brands to warn of a brokerage account problem or dangle a reward from the victim's mobile carrier, then funneling people to lookalike sites that harvested card numbers and logins. What sets the case apart is the AI angle. Google says the operators weaponized Gemini, its AI assistant, to mass produce those fraudulent pages by asking the model to generate innocent looking HTML, for example a gift redemption page, then repurposing the output to steal credentials.
The takedown
Google coordinated the disruption with the FBI and the Black Lotus Labs research team at Lumen Technologies. In a parallel law enforcement effort dubbed Operation Ghost Hook, the FBI seized core administrative domains, a Shopify storefront, thousands of phishing domains, and around 100,000 dollars from the group's cryptocurrency wallets. Google is also working with AT&T, T-Mobile, and Verizon to block Outsider linked texts before they reach phones.
What you should do
The defenses against smishing are unglamorous but effective. Never tap links in unsolicited texts about account problems, deliveries, or rewards, even when they cite a brand you use. Instead, open the company's app or type its address by hand, and be especially wary of any message that manufactures urgency around money. Report scam texts by forwarding them to 7726 (which spells SPAM), and turn on the spam protection built into modern Android and iPhone messaging. The action follows a run of takedowns and exposes of the phishing-as-a-service economy, from the Tycoon 2FA platform dismantled by Europol to the SniperDz service that industrialized social media fraud. Google's full account is in the original announcement.
This briefing is provided by IntelFusions for informational and defensive purposes only. It is based on sources assessed to be reliable at the time of writing, and analytic judgments carry the confidence levels indicated. Indicators of compromise are defanged; re-arm them only in controlled environments. IntelFusions is not affiliated with the organizations named and makes no warranty as to completeness or accuracy.