Google has filed a civil lawsuit against a China-based cybercrime group known as the Outsider Enterprise, alleging the group used its Gemini AI system to conduct large-scale phishing operations. The lawsuit, submitted on June 12, 2026, claims the Outsider Enterprise mass-produced phishing websites and sent millions of fraudulent text messages targeting Android users, impersonating well-known entities such as Google, YouTube, and the U.S. Postal Service.
The complaint states that the group aimed to deceive individuals into revealing sensitive information, including passwords and payment details, as part of a phishing-as-a-service model. In May, the Outsider Enterprise reportedly sent approximately 2.5 million scam messages in a two-week period, generating about 55,000 spam complaints, according to information shared on Google’s security blog.
Google identified around 9,000 fake websites and over 1 million fraudulent URLs linked to the phishing operation. Members of the Outsider Enterprise allegedly utilized Gemini to generate phishing landing pages with customized code that mimicked offers and verification processes. The operation purportedly provided tools, templates, and dashboards that enabled non-technical users to execute phishing campaigns on a large scale.
In collaboration with the FBI and external security researchers, Google has seized several domains associated with the Outsider Enterprise’s activities. Furthermore, Google is partnering with major telecommunications companies including AT&T, T-Mobile, and Verizon to block scam traffic at the carrier level, while also employing AI-based systems to detect and intercept malicious messages before they reach users’ devices.
Google’s lawsuit includes allegations of racketeering, wire fraud, trademark infringement, copyright infringement, and false advertising. The company is seeking injunctive relief and damages to dismantle the phishing infrastructure and prevent future scams, which it describes as a critical component of its ongoing efforts to combat online fraud.
Federal agencies, including the U.S. Postal Inspection Service, emphasize caution regarding suspicious text messages, urging recipients not to click on links or share personal information. Authorities recommend forwarding dubious texts to 7726 (SPAM) and reporting incidents to the FTC to help trace and shut down fraudulent campaigns.
Legal experts view this lawsuit as a significant test case regarding AI’s role in facilitating criminal activities and its implications for future litigation and regulatory frameworks addressing automated scams.
