Google has filed a civil lawsuit against an organized cybercrime operation it calls the "Outsider Enterprise" — a China-based network that weaponized AI tools to orchestrate one of the largest SMS phishing (smishing) campaigns ever documented in the United States.
The lawsuit, announced June 12, 2026, is backed by coordinated FBI action and active partnerships with AT&T, T-Mobile, and Verizon to block the fraudulent messages before they ever reach a victim's phone.
What the "Outsider Enterprise" Actually Did
The operation's core business model was deceptively simple but dangerously effective: it sold ready-made "phishing kits" — prepackaged tools that let low-skill criminals launch convincing fake text campaigns impersonating Google, banks, delivery services, and government agencies. Coordinated through Telegram and run out of China, the network deployed AI to rapidly generate fake websites that looked nearly indistinguishable from the real thing.
The numbers tell the full story of the damage:
- Over 100,000 victims financially scammed, with losses running into the millions
- 9,000 fake websites and more than 1 million fraudulent URLs traced to the group
- 55,000 spam text complaints filed by Android users in a single two-week window in May — more than two per minute
- 2.5 million messages sent to Android users containing links to Outsider-generated sites in that same fortnight
The criminals didn't just misuse AI broadly — they specifically exploited Google's own trademarks and logos as part of the lure, making the scams harder for ordinary users to spot.
Google's Three-Front Response
Litigation is only one piece. Google is simultaneously pushing on the legislative front, endorsing seven bipartisan bills in Congress — two focused specifically on AI-enabled scams — including the Stop SCAMS Act and the National Strategy for Combating Scams Act. The latter, championed by Senator Rick Scott and Senator Gillibrand, would create a unified federal plan to protect seniors and working Americans from coordinated fraud schemes.
On the technical side, Google's own AI is being deployed defensively: scam detection on Android now flags suspicious calls and contacts in real time, while built-in messaging defenses intercept more than 10 billion malicious messages every month.
The FBI is blunt about the scale of the threat. Assistant Director Brett Leatherman of the Cyber Division noted that criminals are "increasingly using AI to make fraud more convincing and harder to detect," and emphasized that disrupting networks like Outsider Enterprise requires the kind of public-private coordination this action represents.
Telecom partners echoed that position. Verizon CISO Nasrin Rezai pointed out that "technical defenses alone are not enough," while T-Mobile's Chief Information Officer Jeff Simon confirmed the carrier is working on multiple fronts — network-level blocks, AI-powered filters, and cross-industry intelligence sharing.
Why This Matters Beyond the Lawsuit
Civil litigation against offshore cybercrime groups rarely delivers clean wins. Defendants in China are effectively beyond the reach of U.S. courts. But lawsuits like this serve a different purpose: they expose infrastructure, create legal grounds to seize domains, and force the ecosystem — registrars, hosting providers, payment processors — to cut off the operation's supply chain.
What's more notable here is the combination of tools Google is using simultaneously: courtroom action, FBI coordination, carrier-level blocking, AI-powered product defenses, and federal legislative advocacy. That multi-layered approach is increasingly how big tech is being forced to respond as AI dramatically lowers the barrier for criminals to run sophisticated, high-volume fraud at scale.
For users, the immediate takeaway is straightforward: unsolicited texts about package deliveries, account alerts, or payment issues — especially those asking you to tap a link — should be treated as hostile by default. On Android, report suspected spam directly in the Messages app. The data gets used.