A suspected Chinese scam ring used Google's own Gemini chatbot to build thousands of phishing sites, sending 2.5M fraudulent texts to Android users in May 2026.
Google filed a federal lawsuit Thursday against a suspected Chinese cybercrime operation it calls the Outsider Enterprise, accusing the group of sending more than 2.5 million fraudulent text messages to Android users over a two-week window in May. The complaint, first reported by Bloomberg and detailed by The Next Web, says the ring generated 9,000 fake websites and more than one million fraudulent URLs aimed at stealing personal data from American users.
The operation ran like a franchise. Members coordinated on Telegram, distributing links via SMS that impersonated Google and other familiar brands. Messages adopted the standard urgency script: a compromised account requiring immediate attention, or a package held up in transit. Targets who clicked landed on polished fake pages built to harvest credentials. According to the complaint, group members circulated explicit instructions encouraging each other to use Gemini to write the custom code required to build and operate those sites.
That detail is the headline. Outsider Enterprise did not just exploit internet infrastructure. It turned Google's own artificial intelligence tools into a production environment for fraud at industrial scale.
The scale of the operation
Nine thousand fake sites and over a million URLs produced in roughly two weeks implies systematic automation, not manual effort. Google's complaint says the campaign targeted hundreds of thousands of people across the United States, though it stops short of quantifying financial losses. Phishing operations at this scale typically compromise tens of thousands of accounts, with consequences ranging from drained bank balances to outright identity theft. The full damage count is not yet known.
This is Google's second major lawsuit against a China-linked text scam operation in seven months. In November 2025, the company filed a RICO complaint against a group it named Lighthouse, which ran a phishing-as-a-service platform selling pre-built scam kits to other criminal buyers, as The Next Web previously reported. Filing two suits in quick succession signals that Google is treating litigation as a sustained defensive strategy, not a one-off response.
Gemini's rough week
The timing was unfortunate for Google. Just one day before Thursday's complaint surfaced, CNET reported a significant Gemini outage that knocked out functionality across Google Workspace, with DownDetector logging more than 1,600 malfunction reports during Wednesday peak hours. Affected services included Docs, Sheets, Slides, Drive, and the standalone Gemini app, with Google tracing the failure to a backend database issue blocking the model from retrieving its tools catalog. Engineers resolved it by Wednesday evening.
Within 48 hours, Gemini featured in two separate damaging stories: a service failure affecting enterprise users, and a federal complaint alleging it was used to automate the construction of thousands of phishing sites. Together they expose a tension Google has yet to resolve, namely how to distribute a powerful artificial intelligence platform broadly while preventing it from serving as cheap infrastructure for criminal operations.
Who is responsible
The lawsuit arrives as a bitter fight over artificial intelligence accountability plays out in Washington and state capitals. Florida governor Ron DeSantis this week condemned the Trump administration's push to preempt state-level AI regulations, calling it "an amnesty for Big Tech," as Yahoo News reported. That dispute concerns safety legislation broadly, but it highlights a structural gap: states are attempting to regulate AI behavior, the federal government is blocking those attempts, and operations like Outsider Enterprise exploit the ambiguity over where responsibility actually falls.
Platform companies routinely argue that they cannot police every misuse of a general-purpose tool, but that defense grows less persuasive as these systems become more capable. ChatGPT alone now counts 800 million monthly active users according to Forbes, a figure that reflects how rapidly AI tools have reached both legitimate users and those looking to exploit them. When a single chatbot session can compress weeks of criminal development work into hours, the edge-case-misuse framing stops holding.
Google's suits create public records, expose the mechanics of these networks, and establish that courts are part of the response. Whether U.S. jurisdiction can meaningfully reach defendants likely operating outside the country is a different matter, and probably the more consequential one.
---
FAQ
*What is the Outsider Enterprise?*
Google's name for a suspected Chinese cybercrime group accused of sending 2.5 million fraudulent texts to Android users in May 2026, generating 9,000 fake websites designed to steal personal data.
*How did scammers use Gemini AI to build fake websites?*
According to Google's complaint, group members shared instructions on Telegram encouraging each other to use Gemini to write the code needed to create and operate credential-harvesting phishing sites.
*Has Google sued text scam operations before?*
Yes. In November 2025, Google filed a RICO lawsuit against a separate group called Lighthouse that sold pre-made phishing kits as a commercial service, making the Outsider Enterprise suit the second such action in seven months.
*What should I do if I receive a suspicious text claiming to be from Google?*
Do not tap any link in the message. Report it as spam through your phone's messaging app and visit Google's official website directly to check any claimed account alerts.
