FBI, Google disrupt large AI-powered phishing service tied to millions of scam URLs

The FBI, working with Google and Black Lotus Labs, has disrupted a Chinese phishing-as-a-service operation called Outsider Enterprise that used thousands of fake websites and more than a million fraudulent URLs to steal credit card data and passwords, according to a Google disclosure.

KEY FACTS

  • Scale: Google linked the operation to 9,000 fake websites and more than a million fraudulent URLs.
  • Impact: Authorities believe the campaigns helped steal more than 3.8 million credit card records.
  • Losses: The estimated financial damage was about $1.9 billion.
  • Takedown: The FBI seized administration servers, a Shopify storefront and about $100,000 in USDT.

Outsider Enterprise has been active since at least 2023 and used AI and distributed phishing kits to send fake text campaigns that impersonated trusted brands over AT&T, T-Mobile and Verizon networks. The operation is tied to China and coordinated through Telegram, the disclosure said.

As part of Operation Riptide, the FBI and partners redirected thousands of domains registered at U.S. providers to an FBI splash page. The agency also took over a Telegram bot linked to the service that contained information on customers of the phishing operation.

Google said the infrastructure sent 2.5 million SMS messages to Android users over a two-week period in May, with users flagging 55,000 as fraudulent. The company said the campaigns affected hundreds of thousands of people worldwide and that victims lost millions of dollars.

Google has also filed a civil lawsuit targeting the operation’s infrastructure and is working with AT&T, T-Mobile and Verizon to block fraudulent messages before they reach subscribers. The company is also pushing for anti-scam legislation, including the Stop SCAMS Act, to expand national coordination against fraud.

WHY IT MATTERS

The case shows how phishing groups are combining AI, mass messaging and large domain networks to scale scams quickly. It also highlights how law enforcement and private companies are trying to disrupt the infrastructure before more victims are hit.