
FBI disrupts AI phishing service using 1 million URLs

In a coordinated effort, the FBI, working with Google and Black Lotus Labs, dismantled China’s largest phishing operation, called Outsider Enterprise, which used thousands of phishing websites to steal credit card data and passwords.

The cybercriminals used AI and distributed phishing kits in campaigns that impersonated various trusted entities in messages sent through AT&T, T-Mobile, and Verizon.

Outsider Enterprise has been active since at least 2023 and operates on a massive scale, with Google linking 9,000 fake websites and more than a million fake URLs to it.


Authorities believe that phishing campaigns sponsored by Outsider Enterprise led to the theft of more than 3.8 million credit card records, resulting in an estimated loss of $1.9 billion.


The action against Outsider Enterprise has both technical and legal components and is part of the FBI’s larger Operation Riptide targeting cyber and infrastructure crime.

During the technical takedown, the FBI and partners seized multiple administration servers, Shopify’s e-commerce storefront, and an account the threat actor used to test the phishing service.

The agency also seized nearly $100,000 in USDT from foreign payment wallets. Thousands of the threat actor's phishing domains registered with US providers now redirect to an FBI page.

FBI seizes site used by Outsider Enterprise phishing-as-a-service
source: FBI

The agency also seized a Telegram bot linked to Outsider Enterprise that contained information about customers of the phishing service.

According to Google, AI-assisted phishing has affected hundreds of thousands of users around the world.

The tech giant has filed a civil lawsuit targeting the service’s infrastructure, and is contacting telecommunications service providers AT&T, T-Mobile, and Verizon to block the fake messages before they reach subscribers.

“Our legal case targeted a cybercriminal operation known as ‘Outsider Enterprise’. Based in China and linked via Telegram, this network distributes ‘phishing tools’ that allow criminals to launch fake text campaigns that appear to be from Google and other trusted brands,” Google said.

In a two-week period in May, Google says a total of 2.5 million SMS messages were sent to Android users from the Outsider Enterprise infrastructure. Android users have flagged 55,000 of them as fake.

The company estimates that hundreds of thousands of victims lost millions in these scams.

Google is using this opportunity “to consolidate aggressive legal action and cooperation with state and federal governments” and supports seven bipartisan US anti-scam bills, including the Stop SCAMS Act, to strengthen legal protections against AI-enabled fraud.

The Stop SCAMS Act would require the FBI to lead a coordinated national anti-scam strategy, bringing together government, law enforcement, and private sector agencies to better track, disrupt, and prevent fraud and scam activity.

Meanwhile, Google has emphasized that Android users are protected from these threats with AI-powered protection.

These defenses include Android scam detection, which alerts users about suspicious calls, and message protection, which blocks more than 10 billion malicious messages every month.
