Google just took an alleged Chinese cybercrime ring to court, and the numbers behind the case are staggering. On Friday the company filed suit to dismantle a network it calls Outsider Enterprise, a group that used AI to send scam texts impersonating Google and other brands to steal passwords and credit card numbers, according to TechCrunch AI. Google says the operation scammed “hundreds of thousands of victims,” with losses running into the millions.
What stands out here is the scale and the tooling. This wasn’t a handful of hackers. It was an organized, AI-assisted phishing machine sold like a subscription product.
What Google says happened
In its complaint, Google describes a turn-key software suite called Outsider that lets criminals with little technical skill spin up fraudulent websites. TechCrunch AI reports the software costs $88 a week or $200 a month, and that it leans on AI platforms, including Google’s own Gemini, to generate fake sites in minutes.
The fake pages mimic telecom providers, banks, government agencies, and retailers. Victims get lured in by malicious texts or paid ads, type in their credentials and multi-factor codes, and that data flows straight to the scammers in real time.
The footprint Google describes:
- 9,000 fake websites and roughly one million fraudulent domains
- 2.5 million scam texts sent to Android users in a two-week stretch
- More than 290 pre-built templates that clone real sites
- Over 1.59 million connected URLs detected between November 2025 and April 2026
Google also says the group used Google Drive and Google Cloud to host phishing sites, and coordinated openly on Telegram, where members trained each other and traded stolen card data.
The FBI puts a price on it
This isn’t just a civil spat. An FBI spokesperson told TechCrunch AI that the bureau, working with Google and Lumen’s Black Lotus Labs, seized several domains plus Shopify storefronts tied to the operation.
The federal estimate is the part that should grab attention. Since July 2023, the FBI says Outsider’s platform enabled the theft of at least 3.87 million credit cards and roughly $1.9 billion in losses. Google’s own count includes at least 36,000 payment cards from financial institutions across 95 countries.
Why this matters
This is significant because it shows how AI lowers the bar for crime. Phishing used to require some skill. Now, as Google frames it, this is “phishing-for-dummies,” where anyone with $200 and a Telegram account can run a professional-grade scam operation.
The defense side tells the same story in reverse. Google says it now uses “AI-powered tools to fight AI-powered scams,” intercepting more than 10 billion scam messages a month. So both attackers and defenders are racing to automate. The criminals scale up fake sites, and the platforms scale up detection. We’re watching an AI arms race play out in your text inbox.
There’s also a structural lesson here. Google describes Outsider Enterprise as a layered business: developers who build the software, suppliers who curate target lists from breaches and social media, a “spammer group” running SIM banks and modems, and money-laundering crews on the back end. That looks less like hacking and more like a franchise.
What to watch next
Google is seeking compensatory and punitive damages plus an order to shut the operation down. The defendants are described as foreign-based criminals whose real identities are unknown, which means enforcement will be tough even if Google wins on paper.
A few things worth tracking:
- Legal precedent: Google accuses the group of racketeering, wire fraud, copyright infringement, and false advertising. How courts treat AI-assisted phishing here could shape future takedowns.
- Platform accountability: The scammers allegedly used Gemini, Drive, and Cloud. Expect more pressure on AI providers to detect abuse of their own tools.
- Your own exposure: Treat unexpected texts from “your bank” or “your carrier” as hostile by default. Never enter credentials or MFA codes on a page reached through a link you didn’t request.
The takedown is a real win, but the playbook is now public knowledge. For the full complaint and the FBI’s comments, check the original report at TechCrunch AI.