Google filed a lawsuit against Outsider Enterprise, a Chinese cybercrime group that allegedly used Google's Gemini AI to automate large-scale phishing scams targeting Android users. The group operated through Telegram, offering phishing-as-a-service with nearly 300 scam templates that enabled the creation of fraudulent websites mimicking Google, YouTube, and government agencies like New York's E-ZPass. According to Google's legal filing, the operation resulted in over 2.5 million malicious text messages sent to Android users, with approximately 55,000 messages delivered in a two-week period last month. The scams exploited Gemini's capabilities to generate convincing fake websites designed to steal personal data and banking details from victims who clicked on links claiming account problems or package delivery issues. Google is working with law enforcement and mobile carriers AT&T, Verizon, and T-Mobile to combat the network, which has been linked to 9,000 fake websites and 1 million URLs, with hundreds of people reportedly losing money to the schemes.
Outsider Enterprise Operated Phishing-as-a-Service Through Telegram
According to Google's legal filing, Outsider Enterprise provided phishing-as-a-service to individuals lacking technical expertise to independently set up fraudulent websites and text campaigns. In its Telegram channels, the group provided instructions on how to use Google's Gemini AI to create websites imitating those of Google, YouTube, and government agencies such as New York's E-ZPass. The group offered nearly 300 scam templates to its customers.
The text messages sent through the operation often made claims about account problems or issues with package delivery. When users clicked on the links, they were directed to fraudulent websites designed by Gemini to appear legitimate. The cybercriminals used these sites to steal personal data and banking details. Google's filing does not estimate the total amount of money stolen through Outsider Enterprise scams, but the company noted that hundreds of people lost money to the schemes.
Google Tracked 2.5 Million Scam Messages and 9,000 Fake Websites
Google reported that scams enabled by Outsider Enterprise resulted in more than 2.5 million text messages being sent to Android users. About 55,000 of those messages were sent in a two-week period last month. In total, Google has tracked 9,000 fake websites and 1 million URLs connected to the scam network.
Google Partnered With Mobile Carriers to Block Malicious Texts
Google worked with AT&T, Verizon, and T-Mobile to block many of the malicious text messages. Google stated that its on-device scam detection feature in Google Messages likely helped reduce the number of successful phishing attempts. According to the company, this AI-powered feature stops 10 billion scam texts every month.
FAQ
What did Google sue Outsider Enterprise for?
Google filed a lawsuit against Outsider Enterprise, a Chinese cybercrime group, for allegedly using Google's Gemini AI to automate phishing scams. The group operated a phishing-as-a-service operation through Telegram, providing nearly 300 scam templates that enabled the creation of fraudulent websites mimicking Google, YouTube, and government agencies to steal personal data and banking details from victims.
How many scam messages did Outsider Enterprise send?
According to Google's legal filing, scams enabled by Outsider Enterprise resulted in more than 2.5 million text messages being sent to Android users. Approximately 55,000 of those messages were sent in a two-week period last month. Google tracked 9,000 fake websites and 1 million URLs connected to the scam network.
How did Google respond to the Outsider Enterprise scam operation?
Google worked with mobile carriers AT&T, Verizon, and T-Mobile to block malicious text messages from the operation. The company also deployed its on-device scam detection feature in Google Messages, which the company states stops 10 billion scam texts every month, and is working with law enforcement to combat the network.
