Google sues alleged China-based scam ring over Gemini phishing tools
Google says Outsider Enterprise used Telegram and Gemini to help scammers build fake sites tied to millions of phishing texts.
By Hana Yoshida · Markets Reporter
3 min read
Google has filed a civil lawsuit against Outsider Enterprise, a group it says used its Gemini artificial intelligence tools to help run phishing scams. The case matters because Google alleges the operation lowered the skill needed to create convincing fake websites and text-message campaigns.
In a blog post and court filing, Google described Outsider Enterprise as a China-based cybercrime network that operated through Telegram. The company said the group sold phishing-as-a-service tools to customers who could use ready-made templates and instructions rather than build scam infrastructure themselves.
Google said Outsider Enterprise shared guidance in Telegram channels on using Gemini to create imitation websites. According to the company’s filing, the targets included fake versions of Google and YouTube pages, as well as government-related services such as New York’s E-ZPass.
The company said the group made nearly 300 scam templates available. Google said it has connected the network to 9,000 fraudulent websites and 1 million URLs.
Texts sent users to fake sites
Google said scams linked to Outsider Enterprise generated more than 2.5 million text messages aimed at Android users. About 55,000 of those messages were sent during a two-week period last month, according to the company.
The messages often warned recipients about account issues or package-delivery problems, Google said. People who followed the links were sent to fraudulent sites meant to appear legitimate, where criminals sought personal information and banking data.
Google did not give an estimate for total losses in its court filing, according to Ars Technica. In its blog post, Google said hundreds of people lost money through scams connected to the operation.
Google said it worked with AT&T, Verizon and T-Mobile to block many malicious texts. The company also pointed to scam detection built into Google Messages, which Google says blocks 10 billion scam texts each month, as another defense against campaigns like this one.
Google seeks broader AI scam laws
The lawsuit is Google’s first direct legal action against a group it accuses of using Gemini in a scam operation, according to Ars Technica. Google has previously sued alleged scammers in other cases.
Google said it is also helping the FBI’s cybercrime division with a related criminal investigation. Ars Technica reported that the people behind Outsider Enterprise have not been publicly identified, and that the company can try to disrupt domains and Telegram accounts tied to the operation.
Alongside the lawsuit, Google renewed support for federal legislation focused on AI-related scams. The company cited proposals including the National Strategy for Combating Scams Act, the Strategic Task Force on Scam Prevention Act and the AI Plan Act.
Google said several of the bills would push federal agencies to create task forces addressing AI-assisted scams and market manipulation. Another proposal, the Artificial Intelligence Public Awareness and Education Campaign Act, would focus on helping the public recognize malicious uses of AI.
This story draws on original reporting from Ars Technica.