Google Sues Chinese Cybercrime Network That Weaponized Gemini for Mass Phishing Scams
Key Takeaways
- ▸Outsider Enterprise used Gemini to automate phishing attacks, offering fake website generation and phishing templates to less technical scammers operating through Telegram
- ▸The campaign reached scale with 2.5+ million fraudulent text messages to Android users and resulted in financial losses for hundreds of victims
- ▸Google is taking three-pronged approach: civil litigation, law enforcement collaboration, and policy advocacy for new federal anti-AI-fraud legislation
Summary
Google has filed a civil lawsuit against Outsider Enterprise, a Chinese group operating through Telegram that offered phishing-as-a-service tools to less technically savvy scammers. The network provided instructions on how to use Google's Gemini AI to create counterfeit websites imitating Google, YouTube, and government agencies like New York's E-ZPass, offering nearly 300 pre-made scam templates.
The scale of the scam campaign is substantial: Outsider Enterprise's activity resulted in over 2.5 million text messages sent to Android users, with 55,000 messages sent in just a two-week period last month. Victims were tricked into visiting fraudulent websites designed by Gemini, where their personal data and banking credentials were harvested. Google has tracked 9,000 fake websites and 1 million URLs connected to the operation, though the filing does not quantify total financial losses.
Google is coordinating with law enforcement, the FBI's cybercrime division, and major U.S. mobile carriers (AT&T, Verizon, and T-Mobile) to disrupt the operation. The company is simultaneously pushing for new federal legislation, including the National Strategy for Combating Scams Act and the AI Plan Act, to establish task forces and improve public awareness of AI-enabled fraud. This marks the first time Google has pursued legal action against a group specifically using Gemini for criminal purposes.
