Google sues 'Outsider', the AI phishing kit behind global scams
Google has sued a Chinese network whose $200-a-month kit and Gemini-built fake sites hit hundreds of thousands of victims. India, drowning in Android, has most to lose.
The News
Google filed a federal lawsuit on 12 June 2026 against a Chinese cybercrime network it calls Outsider Enterprise, accusing the group of running a phishing-for-hire business that has defrauded hundreds of thousands of people and caused losses running into the millions.
At the centre of the case is a subscription product named Outsider, described in the complaint as a turn-key software suite that lets even unskilled criminals spin up convincing fake websites. It rents for $88 a week or $200 a month and ships with more than 290 ready-made templates that mimic telecom operators, banks, retailers and government agencies. According to Google, the operators leaned on its own Gemini platform to help generate some of those counterfeit pages.
The numbers in the filing are striking. Google says the network stood up 9,000 fake websites, registered close to one million fraudulent domains, and blasted 2.5 million text messages to Android users in a single two-week stretch. Over five months, from 14 November 2025 to 14 April 2026, its systems flagged 1.59 million malicious URLs tied to the operation. The company is pursuing claims of brand impersonation, copyright infringement, racketeering, wire fraud and false advertising.
Why It Matters
This is the latest example of a large platform owner using civil litigation as a takedown weapon rather than waiting on criminal prosecutors who often cannot reach offshore actors. Google coordinated the disruption with AT&T, T-Mobile, Verizon, the FBI and Lumen's Black Lotus Labs, the same playbook the firm has used before against botnets and malware crews.
The deeper signal is that generative tools have collapsed the cost of building believable fraud. A scam page used to require a designer and a developer; now a $200 monthly subscription and a chatbot do the job. The FBI estimates that since July 2023, smishing crews of this type have stolen 3.87 million payment cards and inflicted roughly $1.9 billion in losses, with more than 36,000 cards lifted from institutions across 95 countries. When the marginal cost of a phishing kit approaches zero, volume becomes the entire business model.
Indian Angle
No market should read this filing more closely than India. Android accounts for the overwhelming majority of the country's smartphones, which makes Indian users precisely the audience Outsider's 2.5 million-message blasts were built to reach. Layer UPI's tap-speed payments on top, and a single click on a fake bank or electricity-board page can drain an account before the victim finishes reading the text.
India already lives this problem at scale. The Indian Cyber Crime Coordination Centre and the telecom department's Chakshu and Sanchar Saathi tools were created precisely because smishing, fake-KYC links and "digital arrest" frauds have become a daily hazard. A foreign phishing-as-a-service engine that mass-produces look-alike sites for banks and government portals maps directly onto the lures Indian victims already report.
There is a regulatory prompt here too. The RBI has pushed banks towards transaction monitoring and delayed-credit windows for new payees, while CERT-In and MeitY weigh tighter intermediary duties. Google's willingness to sue an offshore kit-maker suggests Indian platforms and telcos could be asked to act earlier in the chain, blocking domains and templates before the messages ever land.
FAQ
When was the lawsuit filed?
Google lodged the complaint in a United States federal court on 12 June 2026, naming the network as Outsider Enterprise. The defendants' real identities are not yet known, a common feature of cases targeting offshore cybercrime groups.
What did the AI actually do?
Google alleges the operators used its Gemini platform to help create fake websites impersonating legitimate brands. The fraud itself, including the 290-plus templates and mass texting, ran through the Outsider subscription suite rather than the model alone.
How large are the losses?
Google cites hundreds of thousands of victims and losses in the millions tied to this network. Separately, the FBI estimates that since July 2023 similar smishing operations have stolen 3.87 million cards and caused about $1.9 billion in losses.
Why does this matter for Indian users specifically?
India's heavy reliance on Android handsets and instant UPI payments makes its users a prime target for the exact text-message lures described in the filing. Tools like Sanchar Saathi and Chakshu exist to fight this, but enforcement still lags the scale of the threat.
This story was reported by TechCrunch. Read the full original coverage at TechCrunch.
Sources & Citations
Frequently Asked Questions
When was the lawsuit filed?
Google lodged the complaint in a United States federal court on 12 June 2026, naming the network as Outsider Enterprise. The defendants real identities are not yet known, a common feature of cases targeting offshore cybercrime groups.
What did the AI actually do?
Google alleges the operators used its Gemini platform to help create fake websites impersonating legitimate brands. The fraud itself, including the 290-plus templates and mass texting, ran through the Outsider subscription suite rather than the model alone.
How large are the losses?
Google cites hundreds of thousands of victims and losses in the millions tied to this network. Separately, the FBI estimates that since July 2023 similar smishing operations have stolen 3.87 million cards and caused about 1.9 billion dollars in losses.
Why does this matter for Indian users specifically?
Indias heavy reliance on Android handsets and instant UPI payments makes its users a prime target for the exact text-message lures described in the filing. Tools like Sanchar Saathi and Chakshu exist to fight this, but enforcement still lags the scale of the threat.