FBI takes down Outsider Enterprise phishing network

By the time the FBI’s disruption landed, thousands of phishing sites tied to Outsider Enterprise were already doing what they were built to do: redirecting unsuspecting people away from safety and toward stolen passwords and credit card details.
The operation—described by authorities as a massive China-based phishing-as-a-service network—was dismantled in a coordinated effort involving the FBI, Google, and Black Lotus Labs. The campaign relied on AI and distributed phishing kits used in text-message campaigns that impersonated trusted brands, with messages sent through AT&T, T-Mobile, and Verizon.
Outsider Enterprise has been active since at least 2023, operating at a large scale that depended on a crowded web of fake infrastructure. Google linked the group to 9,000 fake websites and more than a million fraudulent URLs.
Authorities say the phishing campaigns powered by Outsider Enterprise led to the theft of more than 3.8 million credit card records, contributing to estimated losses of $1.9 billion.
The takedown wasn’t only a digital removal. During the technical disruption, the FBI and partners seized multiple administration servers, a Shopify e-commerce storefront used by the operation, and an account the threat actor used to test the phishing service. Investigators also seized around $100,000 in USDT from Outsider payment wallets.
Thousands of phishing domains registered at U.S. providers are now redirecting to an FBI splash page, signaling the infrastructure that criminals relied on has been cut off.
There were also operational threads beyond websites. The FBI took over a Telegram bot linked to Outsider Enterprise that contained information on customers of the phishing service. And Google says the AI-assisted phishing operation impacted hundreds of thousands of users worldwide.
Google’s civil case is aimed directly at the operation’s infrastructure and is part of a broader push to stop the system, not just the traffic. As the technical takedown unfolded, Google coordinated with telecommunications providers AT&T, T-Mobile, and Verizon to block fraudulent messages before they reach subscribers.
The company also put hard numbers to how the campaign reached people. Over a two-week period in May, Google says 2.5 million SMS messages were sent to Android users from the Outsider Enterprise infrastructure. Android users flagged 55,000 of those messages as fraudulent.
For victims, the consequences often arrive before anyone realizes what happened. Google estimates that hundreds of thousands of victims lost millions to these scams.
Inside the wider legal and policy effort, Google framed the moment as an opening to combine disruption with tougher protections against AI-enabled fraud. The company said it is advocating for seven bipartisan U.S. anti-scam bills, including the Stop SCAMS Act, which would require the FBI to lead a coordinated national anti-scam strategy bringing together federal agencies, law enforcement, and private companies to better track, disrupt, and prevent fraud and scam operations.
Even as the action targeted criminal infrastructure, Google emphasized that Android users have defenses designed to reduce harm. Google said AI-powered protections support scam detection on Android by warning users about suspicious calls, and that messaging protections block more than 10 billion malicious messages every month.
Taken together, the seizures, the infrastructure shutdown, and the blocking of fraudulent texts point to the same reality: this phishing service was built to scale quickly—through AI, through kits, through a web of domains, and through messaging channels. When it’s disrupted, the damage doesn’t disappear overnight, but the pipeline that fed it has been interrupted.
So they caught them… but my phone still gets those texts like every day.
I don’t even understand how they were doing it through SMS if it was AI? Like the scammers just copy brand names and people fall for it. I guess good they got the servers but I’m worried it just pops up again somewhere else.
This is wild because I swear my bank texted me the same day, and I thought it was my bank. If it was through AT&T/T-Mobile/Verizon then doesn’t that mean the carriers are involved? Or am I mixing it up with something else.
3.8 million credit cards?? That’s insane. And they said Shopify storefront and Telegram bot… so like basically scammers were running a fake store like normal people sell stuff. Also “FBI splash page” doesn’t make me feel better, because the damage was already done and now everyone’s gotta freeze cards and change passwords. Seems like this should’ve been stopped sooner too.