What happened
Google has filed a lawsuit against Outsider Enterprise, an alleged China-based cybercrime network accused of using AI, including Google's Gemini, to orchestrate massive phishing campaigns. The operation deployed over 9,000 fake websites and one million fraudulent web domains, sending 2.5 million scam texts to Android users in a two-week period. Outsider Enterprise's "phishing-for-dummies" software, costing as little as $88 per week, enabled criminals to generate fraudulent websites and steal credentials, resulting in hundreds of thousands of victims and an estimated $1.9 billion in losses since July 2023, per the FBI.
Why it matters
AI-powered phishing-as-a-service platforms like Outsider Enterprise significantly lower the technical barrier for large-scale cybercrime, increasing the volume and sophistication of attacks. Security architects and platform engineers must now contend with readily available tools that enable low-skill actors to generate convincing fraudulent sites and deploy mass "smishing" campaigns, as evidenced by the 2.5 million texts sent in two weeks. This follows Google's recent rollout of AI deepfake call detection, highlighting the escalating arms race between AI-driven threats and defences. Procurement teams face increased risk from compromised credentials, while founders must prioritise robust, AI-aware security measures to protect user data and brand reputation.
