Google has launched a lawsuit against an alleged Chinese cybercrime organisation, 'Outsider Enterprise', claiming it leveraged artificial intelligence (AI) to perpetrate widespread scams that have defrauded hundreds of thousands of individuals globally. The tech giant asserts that the network employed AI in its campaigns to dispatch fraudulent text messages, impersonating Google and other prominent brands, with the aim of stealing personal data such as passwords and credit card details.
According to Google's allegations, 'Outsider Enterprise' has financially exploited a vast number of victims, with losses potentially running into millions of pounds. The group is reported to have deployed 9,000 fake websites and one million fraudulent web domains. In a mere two-week period, 2.5 million text messages were sent to Android users, with 55,000 spam texts flagged by users in May alone, equating to more than two complaints per minute.
The lawsuit details that the 'Outsider' software, which costs approximately £70 per week or £160 per month, enabled criminals, regardless of their technical proficiency, to create sophisticated fake websites. These sites, often mimicking legitimate services from telecommunication providers, financial institutions, government agencies, and retailers, were reportedly generated using AI platforms, including Google's own Gemini. The ultimate goal was to steal login credentials and financial information entered by victims into these deceptive sites.
Collaboration among the cybercriminals was reportedly facilitated through platforms like Telegram, where members could exchange strategies, offer training, and coordinate phishing attacks openly. Google also claims that the 'Outsider' platform offered over 290 pre-built templates for creating realistic website replicas in minutes, along with guides on how to weaponise AI-generated code. Furthermore, the criminals allegedly utilised Google Drive and Google Cloud infrastructure to host their phishing websites.
Since July 2023, the FBI, in coordination with Google and Lumen’s Black Lotus Labs, has seized several domains and Shopify storefronts linked to the operation. An FBI spokesperson indicated that 'Outsider Enterprise's' phishing platform has been instrumental in the theft of an estimated 3.87 million credit cards, resulting in approximately £1.5 billion in losses globally. Google stated it is actively collaborating with major telecommunication companies, including AT&T, T-Mobile, and Verizon, to block these scam messages, and is coordinating efforts with the FBI.