Google has filed a lawsuit against Outsider Enterprise, a suspected Chinese cybercrime network behind a large-scale AI-powered phishing operation targeting hundreds of thousands of users in India and globally. The group used Google’s own AI technology to generate fraudulent websites and scam millions of dollars from victims.
- Used Google’s Gemini AI to create massive phishing campaign
- Over 1.5 million URLs linked to cybercrime detected by Google
- India ranks second globally in cybercrime complaints in 2025
What happened
Google has sued Outsider Enterprise, identifying it as a Chinese cybercrime group that used the company’s Gemini AI system to orchestrate an extensive phishing scam. The lawsuit alleges that the hackers built approximately 1 million fraudulent web domains and 9,000 fake websites impersonating companies like Google and YouTube, as well as government services such as the US Postal Service and New York’s E-ZPass. Scammers also sent 2.5 million fraudulent text messages to Android phone users in just a two-week period in May 2026 alone.
From November 2025 through April 2026, Google detected over 1.59 million URLs tied to Outsider Enterprise’s scam efforts. The group’s operations involved multiple interconnected criminal subgroups, leveraging online forums on platforms like Telegram to facilitate phishing attacks by allowing individuals with limited technical skills to purchase and employ scam software effectively.
Why it matters
This case underscores the growing use of AI by cybercriminals to scale and automate phishing and fraud attacks, sharply increasing their reach and complexity. AI-generated content, such as fake websites and messages, allows scammers to produce convincing impersonations with minimal effort, putting millions of users at risk. The scale of financial losses attributed to AI-related cybercrime is already significant, with US losses in 2025 reaching nearly $900 million and global losses rising dramatically.
India, the geographic focus, ranks second worldwide in reporting cyber-enabled crimes, highlighting regional vulnerability to these sophisticated attacks. The rising incidence of cybercrime against minors, fueled by online exploitation schemes, has prompted multiple countries including India to consider stricter social media restrictions for underage users, reflecting broader concerns about digital safety and regulation amid the AI cybercrime surge.
What to watch next
Google’s legal action against Outsider Enterprise may set a precedent for holding AI-related cybercrime groups accountable and encourage further collaboration between tech companies and law enforcement agencies. Tracking how governments and platforms respond through new regulatory frameworks or enhanced security measures will be critical in determining whether such tactics can curb the rise of AI-powered scams.
Additionally, attention will focus on how malicious actors continue to exploit web-hosting services and advertising channels to amplify fraudulent campaigns. Recent instances of cloned websites using popular hosting platforms highlight the need for vigilance in protecting digital assets. Monitoring developments in AI abuse detection and user education initiatives will be essential for mitigating ongoing risks from AI-enhanced cyber threats.