AIO APEX

Google Sued a Chinese Cybercrime Ring for Using Gemini to Write Its Phishing Pages

The Next Web

Google filed a landmark lawsuit in a New York federal court on June 12 against a China-based cybercrime network it identifies as Outsider Enterprise. The suit alleges the group operated a sophisticated phishing-as-a-service (PhaaS) platform used to impersonate Google, YouTube, the US Postal Service, E-ZPass toll systems, financial institutions, and state DMVs — and that members of the network systematically used Google's own Gemini AI to write the HTML for the fraudulent pages. It is the first time Google has taken legal action against threat actors specifically for abusing its AI platform.

The FBI estimates the Outsider Enterprise network has stolen 3.87 million credit card numbers and caused approximately $1.9 billion in losses since it first appeared in July 2023. Over a single two-week window in May 2026, the group sent 2.5 million phishing text messages to Android users in the United States; those users filed 55,000 spam reports during that period. In total, Google's complaint identifies more than 9,000 fake websites and roughly 1 million fraudulent URLs linked to the network across its operating history.

How the Group Used Gemini

According to Google's complaint and the internal communications it reviewed, Outsider Enterprise members developed a practice of feeding Gemini prompts framed as innocuous requests — asking it to build "gift redemption" pages, loyalty portals, and customer service forms — and then feeding the generated HTML directly into the Outsider software suite. The platform converted those pages into live scam infrastructure that could be deployed within hours. Telegram channels used by the group included explicit instructions for using Gemini to generate phishing page code, with members sharing working prompts and troubleshooting sessions.

This is a documented case of what is sometimes described as "jailbreak-adjacent" misuse. The group did not defeat the model's safety filters with adversarial prompts; it framed malicious requests as harmless ones and outsourced the drafting work to a model that had no way to evaluate the intended use. Gemini, asked to build a convincing USPS delivery notification page, builds a convincing USPS delivery notification page. The criminal application is one step removed from the model's output, in the infrastructure that serves the page and the text message that lures the victim to it.

Google says it has disabled the Gemini accounts and infrastructure confirmed to be linked to the scheme. The company is also working with the FBI and the three largest US mobile carriers — AT&T, T-Mobile, and Verizon — to block the messages at the network level and take down the supporting infrastructure.

The Legal Strategy: Using Civil Courts to Disrupt Criminal Networks

Google's decision to file a civil lawsuit rather than relying solely on law enforcement referrals is deliberate. The company has used the same strategy before: in December 2021 it sued two Russian nationals it accused of operating the Glupteba botnet, which abused Google accounts and services, and in 2023 it sued the distributors of the CryptBot credential-stealing malware. Civil courts give Google direct access to injunctive relief — orders that require hosting providers, domain registrars, and financial processors to cooperate in taking down infrastructure — without waiting for a criminal investigation timeline that can span years.

The complaint names five John Doe defendants, as the identities of individual Outsider Enterprise operators have not been publicly established. The network operates through Telegram channels, with affiliate operators — criminals who purchase access to the PhaaS kit — spread across multiple jurisdictions. The suit is filed in the Southern District of New York, which has jurisdiction over a portion of the financial harm caused by the operation.

Google is simultaneously backing seven bipartisan bills in Congress related to AI-assisted fraud. The most significant is the Stop SCAMS Act, championed by Representatives Brian Fitzpatrick (R-PA) and Josh Harder (D-CA), which would create a national coordinated strategy uniting law enforcement, government agencies, and the private sector to combat transnational cybercrime rings. The legislation would also require platforms to share threat intelligence on AI-enabled fraud in ways they are not currently legally required to do.

The Scale of AI-Assisted Phishing

Outsider Enterprise is unusually well-documented because of the Gemini connection and Google's direct involvement as both target and plaintiff. It is not, however, unusual as a category of threat. Security researchers have tracked a proliferation of AI-assisted phishing infrastructure over the past 18 months. The pattern is consistent: AI tools — both commercial models like Gemini and Claude, and open-source alternatives that impose no terms of service — lower the skill floor for creating convincing phishing content and accelerate the deployment cycle for new templates when a target brand changes its visual design.

The Outsider Enterprise complaint states the network maintained a library of over 290 prebuilt templates covering recognizable brands. Maintaining that template library previously required someone who could write HTML and CSS, understand brand guidelines, and update templates when brands redesigned their web presence. With Gemini, those tasks become prompting tasks. The barrier drops further, and the operation becomes more resilient — because the template generation capability is distributed across any member with a Gemini account rather than concentrated in a few skilled developers.

For users, the practical implication is unchanged: smishing messages — phishing delivered over SMS — that contain links to fake USPS delivery notifications, toll payment overdue notices, or bank security alerts should be treated with immediate suspicion regardless of how polished they look. The visual quality of a phishing page is no longer a reliable signal of its legitimacy; AI-generated pages can be indistinguishable from real ones.
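The advice above can be turned into a triage rule that does not depend on how polished the page looks: if a message invokes a brand but its link resolves to a host the brand does not control, treat it as smishing. The following is an added example, not code from Google's complaint or from the Outsider kit. The sample messages are constructed, and the brand allowlist (usps.com, the E-ZPass and DMV domains) is an illustrative assumption; a real deployment would maintain that list from authoritative sources and use a public-suffix-aware parser instead of the simple suffix match shown here.

```python
"""
Smishing triage heuristic: flag SMS texts that name a brand but link to a
host outside that brand's allowlist, or whose host embeds a brand token
(a lookalike). Added example with constructed data.
"""
import re
from urllib.parse import urlparse

# Brand keyword patterns and the domains ASSUMED to belong to each brand.
# Illustrative allowlist only; E-ZPass and DMV sites differ by state.
BRANDS = {
    "USPS": {"pattern": r"\busps\b", "domains": {"usps.com"}},
    "E-ZPass": {"pattern": r"\be-?z\s?pass\b",
                "domains": {"e-zpassny.com", "ezpassnj.com"}},
    "DMV": {"pattern": r"\bdmv\b", "domains": {"dmv.ca.gov", "dmv.ny.gov"}},
}

# Matches URLs with or without a scheme, e.g. "ezpass-toll.pay-now.info/x".
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s]*)?", re.I)

# Constructed sample messages (not real lures from the complaint).
SAMPLE_MESSAGES = [
    "USPS: Your package is held at our facility. Confirm your address: "
    "https://usps-redelivery-help.com/track",
    "E-ZPass: Your toll payment is overdue. Pay now to avoid a penalty "
    "ezpass-toll.pay-now.info/pay",
    "USPS: Your package is out for delivery. Track at "
    "https://tools.usps.com/go/TrackConfirmAction",
    "Reminder: dentist appointment tomorrow at 3pm.",
]


def extract_urls(text):
    """Return URLs found in the text, with trailing sentence punctuation removed."""
    return [m.group(0).rstrip(".,;:)") for m in URL_RE.finditer(text)]


def host_of(url):
    """Lower-cased hostname of a URL; a missing scheme is tolerated."""
    if not re.match(r"https?://", url, re.I):
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def host_allowed(host, domains):
    """True if host equals an allowlisted domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(text):
    """Classify one message; returns brands seen, URLs, verdict and reasons."""
    brands = [name for name, spec in BRANDS.items()
              if re.search(spec["pattern"], text, re.I)]
    urls = extract_urls(text)
    reasons = []

    # Rule 1: brand named in the text, but a link leaves the brand's domains.
    for brand in brands:
        for url in urls:
            host = host_of(url)
            if not host_allowed(host, BRANDS[brand]["domains"]):
                reasons.append(f"{brand} mentioned but link goes to {host}")

    # Rule 2: a brand token embedded in a host that is not allowlisted
    # ("usps-redelivery-help.com"), regardless of what the text says.
    for url in urls:
        host = host_of(url)
        for name, spec in BRANDS.items():
            token = re.sub(r"[^a-z]", "", name.lower())   # usps, ezpass, dmv
            if token in host.replace("-", "") and not host_allowed(host, spec["domains"]):
                reasons.append(f"lookalike host {host} embeds '{token}'")

    return {"brands": brands, "urls": urls,
            "suspicious": bool(reasons), "reasons": reasons}


def triage_all(messages):
    """Verdict per message, in order."""
    return [triage(m)["suspicious"] for m in messages]


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        result = triage(msg)
        print("SUSPICIOUS" if result["suspicious"] else "ok        ", msg[:60])
        for reason in result["reasons"]:
            print("   -", reason)
```

The two rules are deliberately independent: the first catches a lure that names USPS but points at an unrelated domain, the second catches a host that smuggles the brand into its own name even when the message body avoids the keyword. Neither looks at the page content, which is the point the paragraph above makes: once the HTML is machine-generated, the link target is the signal that survives.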

What the Lawsuit Can and Cannot Accomplish

Civil suits of this kind have a mixed track record. Google's 2023 botnet lawsuit resulted in a successful takedown of the infrastructure, but the individual operators were never identified or prosecuted. Criminal actors operating from China present additional challenges: US courts can issue orders, but enforcement against individuals in a jurisdiction with no US extradition treaty depends on whether those individuals ever travel to countries that cooperate with US legal process.

What the lawsuit does accomplish reliably: it compels US-based infrastructure providers — hosting companies, CDNs, payment processors — to cooperate in taking down the specific infrastructure identified in the complaint. It creates a legal record that can be used in future cases. And it sends a clear public signal that Google is willing to treat AI abuse as a litigation trigger rather than purely a policy matter, which may have deterrent value with threat actors who are sensitive to operational security costs.

The longer-term question is structural. PhaaS platforms like Outsider Enterprise exist because the economics of phishing remain favorable: the cost to run an operation is low, the potential returns from stolen credentials and card numbers are high, and the legal risk — particularly for operators in non-cooperative jurisdictions — is manageable. AI makes those economics more favorable by reducing operator skill requirements. A lawsuit addresses one instance; the business model it exploits is not changed by a court order.

Source: Google complaint (SDNY), FBI press release, Help Net Security, The Next Web, Decrypt, Cybersecurity News, June 12–13, 2026.

Originally reported by The Next Web.
