Google Takes Legal Action Against Outsider Enterprise for Weaponizing Gemini AI in Massive Smishing Operation

Weaponizing Gemini: How AI Abuse Was Disguised

The most novel and troubling aspect of the Outsider Enterprise operation was its systematic abuse of generative AI. Criminals didn't need to know how to code; they just needed to know how to ask. The group instructed its members to use Gemini and other AI chatbots to generate the HTML, CSS, and JavaScript code for fake phishing websites by disguising their prompts as harmless, generic programming requests . A member might ask Gemini to "create a login page for a tech company" or "build a customer support portal"—requests that appeared legitimate on their face. The AI would then output the functional code, which the scammers hosted on fraudulent domains to create convincing impersonation pages for Google, YouTube, government agencies, and other trusted brands . This technique dramatically lowered the technical barrier for criminals, allowing them to rapidly scale their operations.

The Business of Crime: Monetizing Fraud via Telegram

The enterprise operated as a subscription-based crimeware business, with all sales and distribution funneled through a fully automated Telegram bot. This self-service ordering platform made launching a sophisticated phishing campaign as easy as signing up for a streaming service . Key features of the "Outsider" kit included:

• Subscription Licenses: Access to the full PhaaS kit started at $88 per week .
• Pre-Built Templates: The platform offered more than 290 impersonation templates covering major brands, banks, government agencies, and mobile carriers .
• Built-in Keystroke Logging: The phishing pages were embedded with code to capture all keystrokes, harvesting credentials in real time .
• Campaign Dashboard: Customers could track their campaigns' performance metrics—including texts sent, link clicks, and credentials stolen—in real time .

The Human and Financial Toll: Documenting the Damage

The scale of the alleged fraud is staggering. Google's investigation and the lawsuit detail the enormous harm caused by the Outsider Enterprise:

• Over 100,000 victims were directly scammed .
• Financial losses are estimated in the millions of dollars .
• The group created more than 9,000 fake websites impersonating trusted brands .
• They generated over 1.59 million fraudulent URLs .
• In just a two-week period, the spammers sent 2.5 million malicious SMS texts to Android users . The number of stolen payment cards was estimated at 36,000, spanning financial institutions across 95 countries .

A Coordinated Counteroffensive: Google, Carriers, and the FBI

The response to the Outsider Enterprise was a coordinated, multi-pronged effort combining civil litigation with network-level defense and federal law enforcement.

• The Lawsuit: Google's civil suit, filed on June 12, 2026, seeks a restraining order to dismantle the network's infrastructure and is brought under the Racketeer Influenced and Corrupt Organizations Act (RICO), the Lanham Act, and the Computer Fraud and Abuse Act . This is Google's first-ever lawsuit over misuse of its AI products .
• Carrier-Level Defense: Google worked directly with AT&T, T-Mobile, and Verizon to identify and block the fraudulent text messages at the network level before they could reach users .
• Federal Law Enforcement: The FBI conducted separate criminal enforcement actions, including seizing domains and over $100,000 in proceeds as part of an operation codenamed "Operation Ghost Hook" . Google stated it "coordinated with the FBI, who will be taking law enforcement actions" .

Google's aggressive legal stance, combined with its push for updated federal legislation like Rep. Josh Harder’s Stop SCAMS Act, signals that the era of AI-powered crime has met a new threshold of corporate and governmental response .