FBI dismantles AI-assisted Outsider Enterprise phishing ring tied to $1.9B in losses

A joint operation involving the FBI, Google, and security firm Black Lotus Labs has taken down Outsider Enterprise, a China-based phishing-as-a-service platform active since at least 2023. The action forms part of the FBI's broader Operation Riptide, which targets cybercriminal networks and their supporting infrastructure.

Outsider Enterprise functioned as a toolkit supplier for criminal operators, distributing phishing kits that enabled customers to send fraudulent SMS messages mimicking trusted brands including Google. Campaigns were delivered to subscribers of AT&T, T-Mobile, and Verizon. The platform relied on AI assistance to scale and refine its operations.

The technical takedown involved seizing multiple administration servers, a Shopify storefront used by the operation, and a test account the operators maintained for quality-checking the phishing service. Authorities also assumed control of a Telegram bot that held data on the platform's paying customers — giving investigators a potential roadmap to downstream criminal operators who purchased access. Thousands of phishing domains previously registered through US-based providers now redirect visitors to an FBI notification page.

Google has separately filed a civil lawsuit targeting the operation's infrastructure and is coordinating with the three major carriers to filter out fraudulent messages before they reach end users. The company characterized the platform as an organized cybercrime network coordinating through Telegram and operating from China.

"Our civil lawsuit targets an organized cybercrime operation known as the 'Outsider Enterprise'. Based in China and coordinating through Telegram, this network distributes 'phishing kits' that allow criminals to blast out fake text campaigns that look like they're from Google and other trusted brands." — Google

Google is also using the case to push for legislative action, backing seven bipartisan anti-scam bills in the US Congress, among them the Stop SCAMS Act. That legislation, if passed, would direct the FBI to coordinate a national anti-fraud strategy spanning federal agencies, law enforcement bodies, and private-sector partners.

For hosting and infrastructure professionals, the case carries specific implications. The platform registered thousands of phishing domains through US-based registrars, and those domains are now under FBI control. Registrars and DNS operators will likely face renewed scrutiny over abuse-detection procedures and the speed at which fraudulent registrations can be identified and actioned. The seizure of a Shopify storefront also highlights how legitimate e-commerce platforms can be embedded in criminal service delivery chains.

Telecom providers face parallel pressure: Google's coordination with AT&T, T-Mobile, and Verizon to block outbound fraud traffic underscores the expectation that carriers will serve as active filtering layers, not passive conduits. The Telegram bot seizure, meanwhile, adds a layer of legal and operational risk for services that host criminal coordination infrastructure.

Google noted that its Android platform already deploys AI-based defenses capable of blocking more than 10 billion malicious messages monthly, and that scam-detection features warn users about suspicious inbound calls. The Outsider Enterprise case tests whether those safeguards, combined with legal and law-enforcement action, can meaningfully suppress phishing-as-a-service operations operating at this scale.