FBI Shuts Down Outsider Enterprise: AI Phishing Service with 1M+ URLs

The FBI, in coordination with Google and Black Lotus Labs, has dismantled a sprawling Chinese phishing-as-a-service operation known as Outsider Enterprise, responsible for 9,000 fake websites and more than one million fraudulent URLs used to harvest credit card data and credentials. Active since at least 2023, the platform distributed AI-assisted phishing kits that impersonated trusted brands via SMS routed through AT&T, T-Mobile, and Verizon. Authorities estimate the campaigns compromised over 3.8 million credit card records, generating approximately $1.9 billion in losses. Google reported that over a two-week window in May alone, 2.5 million malicious SMS messages were sent to Android users, 55,000 of which were flagged as fraudulent.

The takedown, conducted under the FBI's broader Operation Riptide, combined technical and legal action. Agents seized multiple administration servers, a Shopify storefront used to sell the kits, a Telegram bot containing customer records, and roughly $100,000 in USDT from the operators' payment wallets. Thousands of phishing domains registered with U.S. providers now redirect to an FBI splash page. Google simultaneously filed a civil lawsuit targeting the operation's infrastructure and is pushing the bipartisan Stop SCAMS Act to formalize a federal anti-fraud strategy led by the bureau.

The case highlights how AI tooling is industrializing phishing at unprecedented scale, lowering the technical bar for would-be scammers. Defenders and everyday users should treat unsolicited SMS messages as hostile by default and verify any unexpected links directly with the claimed sender. Anyone concerned about exposed credentials can search for their addresses using an email breach checker, while a password checker helps confirm whether stored credentials have appeared in known leaks. For site operators, a WHOIS lookup on suspicious domains can quickly reveal registration patterns and registrant history tied to campaigns like Outsider Enterprise.