A major international operation led by the FBI, with Google and infrastructure company Lumen, shut down a sophisticated Chinese cybercrime network called Outsider Enterprise. The group ran a phishing-as-a-service platform that let even nontechnical criminals build scam sites within minutes. According to a New York indictment, the operation was behind the theft of about 3.87 million credit cards and an estimated $1.9 billion in losses since July 2023.
The FBI said the operation, code-named Operation Ghost Hook, seized the group’s main management servers, a virtual store used to test systems, and crypto wallets containing about $100,000. Thousands of fake domains registered through U.S. hosting providers were also taken down and now display an FBI warning page.
The network charged $88 a week or $200 a month through a Telegram bot and offered more than 290 ready-made templates that copied banks, mobile carriers, postal services, and toll-collection systems. The fake sites could capture data in real time and prompt victims for one-time verification codes and passwords, helping criminals bypass protections such as two-factor authentication.
The case also shows how the operators used AI to defeat Google’s own filters. Prosecutors say customers received tutorial videos explaining how to make Google’s Gemini write HTML for the scam pages. To get around Gemini’s safety systems, they used prompt engineering and framed the request as a harmless page design for a “gift redemption” site.
The Manhattan federal indictment charges the defendants with extortion, wire fraud, and trademark infringement. Google and the FBI said the suspects are likely in China, making extradition unlikely. Google also said it is working with AT&T, T-Mobile, and Verizon to block malicious SMS messages before they reach users, while pushing for tougher U.S. federal penalties for AI-enabled fraud.
