• Download the lawsuit here.

Google has sued hackers believed to be part of an alleged Chinese cybercrime gang called Outsider Enterprise, which used Gemini AI to steal private data from “hundreds of thousands” of users.

According to a lawsuit filed in New York, private information stolen by Outsider Enterprise, including passwords and credit card numbers, was used to swindle victims out of “millions of dollars.”

Using AI, the hackers created 9,000 fake websites, one million fraudulent web domains, and sent 2.5 million scam texts to Android users during a two-week period in May 2026 alone.

How Outsider Enterprise enabled AI scams: The Chinese cybercrime network used Gemini, Google’s own AI system, to create hundreds of fake websites impersonating companies such as Google and YouTube, as well as government services including the Postal Service and New York’s E-ZPass highway toll service, according to the lawsuit.

• Google alleged that the network coordinated through the Telegram messaging service to share tips and trade software kits that used AI to mass-produce scam messages across communication platforms.

• The gang “built, maintains, and uses a turn-key online software suite that enables criminals, regardless of technical skill, to publish fraudulent websites designed to rob victims,” the complaint states.

• According to Google, this “phishing-for-dummies” software, called Outsider, is available through subscriptions starting at as little as $88 per week. It allows users to create fake websites “in minutes,” launch phishing campaigns, and steal victims’ credit card numbers, bank account credentials, and personal data.

• The software enables scammers to request multiple forms of verification from victims, including SMS, PIN, email, and app-based verification. This allows the Enterprise to bypass various authentication measures, including 3D Secure protections that would otherwise prevent unauthorised credit card transactions.

• Outsider offers more than 290 pre-built templates designed to mimic legitimate websites belonging to financial service providers, brokerage firms, wireless telephone service providers, government agencies, and retailers.

• The group also infringed Google’s trademarks to lend false legitimacy to its criminal schemes. At least 14 Outsider-provided templates feature Google branding, including logos for YouTube, Google Pay, and Google Play.

• Scammers used Google Cloud infrastructure to host phishing websites and Google Drive to store stolen user data.

The scale of Outsider’s phishing operations: Over five months, from November 14, 2025, to April 14, 2026, Google detected more than 1.59 million URLs linked to Outsider Enterprise.

• Cybercriminals stole at least 36,000 payment cards issued by financial institutions across 95 countries using a previous version of the Outsider software, according to Google.

• An FBI spokesperson told TechCrunch that since July 2023, Outsider Enterprise’s phishing platform enabled cybercriminals to steal “at least an estimated 3,870,000 stolen credit cards and a corresponding estimated $1.9 billion in losses.”

Inside Outsider Enterprise: According to Google, Outsider Enterprise consists of several interconnected groups of criminals that play different roles in executing financial scams:

• Developer Group: Creates phishing software and website templates targeting new companies and victims.
• Data Broker Group: Supplies lists of targets, including potential victims’ contact information, sourced from public records, social media, and data breaches.
• Spammer Group: Provides the tools and infrastructure required to send spam text messages in bulk.
• Theft Group: Helps monetise stolen private data and launder stolen money.
• Telegram Group: Operates online forums that allow Enterprise members to collaborate on phishing attacks and recruit new members.

“Part of the Outsider software’s appeal is the ease with which someone with limited technical expertise—like many members of the Enterprise—can purchase the software, execute various phishing attacks, and, upon purchase, meet other members of the Enterprise who are proficient in other areas. The online forums run by the Telegram Group make this possible,” Google said.

Why this matters: The lawsuit comes at a time when AI-powered scams are escalating worldwide. According to FBI data, US citizens lost a staggering $21 billion to cyber fraud last year, including $893.3 million linked to AI-enabled fraud. With 5,879 complaints, India ranked second among more than 200 countries from which the Internet Crime Complaint Center received reports of cyber-enabled crime in 2025.

Recent trends indicate a sharp increase in cybercrimes targeting minors (aged 17 and below), driven by sextortion, cyberbullying, and online grooming. Minors filed 13,168 cybercrime complaints in the US last year, with losses totalling nearly $13 million. Amid growing concerns about children’s online safety, several countries, including India and the UK, are considering bans on social media use by those under 16 or evaluating age-based restrictions. Last year, Australia became the first country to impose such a ban.

Beyond Google’s Gemini, scammers have also been using web-hosting platforms to create fake websites in attempts to deceive victims. Last week, MediaNama reported that fraudsters used US-based platforms such as Vercel, Netlify, and GitHub to create 15 near-identical clones of the IndiaMART website, mimicking its layout, trade dress, graphical user interface, search structure, and features down to the “Call Now” and “Get Better Price” buttons.

How Google Ads were tricked by scammers in the past: As per MediaNama’s previous reportage on the Supreme Court of India’s public notice against fake websites impersonating the Supreme Court’s official website, scammers used Google Ads to promote fake cryptocurrency websites designed to steal users’ wallet credentials. They also reportedly used Google Ads to run tech-support scams by impersonating legitimate software companies and charging users for fraudulent malware-removal services.

Also read:

• German court holds Google directly liable for false AI Overviews claims: What it means for AI liability
• Delhi HC orders Vercel, GitHub to remove fake IndiaMART websites, blocks WhatsApp accounts
• Explained: how hackers used Indian government websites to promote illegal gambling through Google