A lawsuit filed by Google against an alleged China-based phishing network may help the company seize reachable infrastructure and make fraud harder for criminals, but is unlikely to stop the broader scam ecosystem, a cybersecurity expert told OCCRP on Tuesday.
“Anytime we can increase the friction for fraudsters it is worth pursuing, but I suspect it will not have a massive impact overall,” said Chester Wisniewski, director and global field chief information security officer at Sophos.
Google filed the civil lawsuit on Friday against an alleged cybercrime network accused of distributing phishing kits used to create fake websites and send large-scale scam text campaigns impersonating trusted brands.
The civil case targets an organized operation known as the “Outsider Enterprise,” which allegedly coordinates through Telegram and provides tools that allow criminals to launch fake text-message campaigns designed to steal passwords, credit card numbers and other personal data, according to a blog post by Google.
The FBI, Google and Lumen Technologies also took coordinated action against the network. The operation reportedly led to the seizure of several domains linked to the group’s core admin servers, a Shopify storefront, about $100,000 from Outsider payment wallets and thousands of domains registered through U.S.-based providers.
The phishing campaigns often imitate routine alerts, including fake package notices, urgent bank warnings, missed package deliveries, unpaid tolls, parking violations or messages claiming that a user’s account has been compromised, according to Google.
The tech giant described the scale of the operation as “massive,” with hundreds of thousands of victims allegedly scammed and losses estimated in the millions of dollars. The company identified 9,000 fake websites and more than one million fraudulent URLs connected to the group.
Outsider facilitated phishing attacks against people and businesses in 55 countries since July 2023 and caused an estimated $1.9 billion in losses according to the FBI. The agency also linked Outsider phishing domains to nearly 3.9 million stolen credit cards, according to the report.
In a two-week period in May, Android users flagged 55,000 spam texts linked to the operation, while 2.5 million messages containing links to websites allegedly generated by the Outsider Enterprise were sent to Android users, Google reported.
The group’s “phishing kits” made it easier for criminals to build scam pages that looked like they belonged to Google or other well-known companies. Access to the kit was allegedly sold as a subscription, with prices starting at $88 per week.
The operation also relied on artificial intelligence, Google alleged. The company accused the group of encouraging customers to use Gemini and other AI platforms to generate custom code for phishing lures and fake websites.
Wisniewski told OCCRP that Google may be seeking “a legal right to seize assets that are within reach of cooperative governments,” including domains and cloud infrastructure. The case may also give Google leverage to pursue sanctions, which could restrict legitimate services from providing infrastructure to the named entities, he added.
The alleged use of AI is especially significant in phishing and scam attacks because it removes “the telltale signs” of messages written by non-native speakers and allows fraud to be conducted at a much larger scale, Wisniewski said. But the international nature of the crimes makes enforcement difficult, he added.
Google said it was coordinating with the FBI, which is expected to take law enforcement actions, and was working with AT&T, T-Mobile and Verizon to block scam texts before they reach users.
“The criminals behind the Outsider Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims,” Brett Leatherman, assistant director of the FBI’s Cyber Division, said in a statement published by Google. “Criminals increasingly use AI to make fraud like this more convincing and harder to detect.”
Google is also supporting federal legislation aimed at improving the U.S. response to scams, including bills that would create a national anti-scam strategy and strengthen coordination between government agencies, law enforcement and private companies.
Major U.S. telecoms, including AT&T, T-Mobile and Verizon, emphasized the need for a coordinated industry response in statements published by Google. AT&T blocks or labels billions of robocalls and spam texts every month, while T-Mobile and Verizon are working with Google, law enforcement and other partners to disrupt malicious traffic, according to the companies.
Read the full article at OCCRP →
United States