FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service

Summary

The FBI and Google have successfully dismantled Outsider Enterprise, a large-scale phishing-as-a-service platform operating from China. This operation, part of FBI's Operation Riptide, disrupted a network that hosted over 9,000 phishing sites, leading to the theft of nearly 4 million credit cards and an estimated $1.9 billion in losses. The platform, active since 2023, targeted individuals in the US and 54 other countries, distributing phishing kits via SMS messages.

Full text

The FBI and Google have announced the takedown of Outsider Enterprise, a large phishing-as-a-service (PhaaS) platform that caused billions of dollars in losses. Operating out of China and coordinated through Telegram, the network distributed phishing kits that allowed threat actors to impersonate known brands in campaigns carried out over SMS messages. According to Google, hundreds of thousands of people fell victim to attacks carried out by threat actors associated with Outsider Enterprise. More than 2.5 million messages containing links to websites generated through the platform were sent to Android users over a two-week window in May. The internet giant says it has identified 9,000 fake websites and more than 1 million URLs associated with Outsider Enterprise. According to the FBI, the Chinese PhaaS platform has been active since 2023, targeting individuals in the US and at least 54 other countries.Advertisement. Scroll to continue reading. Over the past three years, the phishing platform was used to steal approximately 3.8 million credit cards, causing an estimated $1.9 billion in losses, the Bureau says. The takedown action, part of the FBI’s Operation Riptide, an effort to disrupt cybercriminal networks, led to the seizure of domains linked to Outsider Enterprise’s administrative servers and of a Shopify e-commerce storefront and account employed for phishing kit testing. The investigators also seized approximately $100,000 in cryptocurrency assets and used an Outsider Telegram bot to gather intelligence on the platform’s customers. Additionally, the FBI and its partners took down thousands of phishing domains hosted by US providers and rerouted them through an FBI splash page. Google on Friday announced it has filed a lawsuit to dismantle Outsider Enterprise infrastructure in coordination with the FBI. The company is also working with AT&T, T-Mobile, and Verizon to block the phishing text messages. According to the internet giant, protections against cyber-enabled fraud should be permanent. Thus, it is advocating for “seven bipartisan bills to fight back against scams, including those created with AI”. These include the National Strategy for Combating Scams Act, the Strategic Task Force on Scam Prevention Act, the STOP Scams Against Seniors Act, the AI Plan Act, the Stopping Cross-border Attacks and Manipulation (SCAM) Act, the Artificial Intelligence Public Awareness and Education Campaign Act, and the Stop Schemes, Cyber Fraud, Abuse, Manipulation, and Swindles (SCAMS) Act. “By combining powerful security defenses with aggressive legal action, we’re fighting against scammers and working to build a safer internet for everyone,” Google notes. Related: Silent Ransom Group Uses DNS Fast Flux in Attacks Related: B1ack’s Stash Marketplace Gives Away 4.6 Million Stolen Credit Cards Related: North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks Related: Triad Nexus Evades Sanctions to Fuel Cybercrime Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire CISA Directs Federal Agencies to Prioritize Security Patches Based on RiskHackers Exploit Langflow Vulnerability for Remote Code ExecutionSplunk, Palo Alto Networks Patch Severe Vulnerabilities‘GreatXML’ Zero-Day Exploit Bypasses BitLockerCyera Raises $600 Million at $12 Billion ValuationAryon Security Raises $29 Million in Series A FundingNew Windows Zero-Day Exploit ‘RoguePlanet’ ReleasedCritical Vulnerabilities Patched in Fortinet, Ivanti Products Latest News Maine Disables Data Breach Portal Due to Fake Submissions NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain AttacksAnthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export ControlsIn Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang FineIndustry Reactions to Claude Fable 5: Feedback FridayIranian Cyber Group Handala Claims Cal Water HackIvanti Sentry Exploitation Attempts Hitting HoneypotsChrome 149 Update Patches 28 Vulnerabilities Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: How Modern Breaches Bypass MFA and Evade Detection June 17, 2026 Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes. Register Webinar: Modern Exposure Validation in the AI Era June 24, 2026 AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program. Register People on the MoveStephen Garcia has been named Chief Information Security Officer at BreachRx.Kasper Lindgaard has been appointed Vice President of Security Strategy at CoreView.Chaim Mazal has been named Chief Information Security Officer at GitLab.More People On The MoveExpert Insights After AI Reaches Production: 12 Ways Security Teams Can Take Control Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb) Everybody Is Vibe Coding But Nobody Told the Security Team AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au) The Zero-Knowledge Threat Actor and the End of Responsible Disclosure AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor) Raising the Cybersecurity Stakes: Ante up for the Agentic Era CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. (Nadir Izrael) Caught Off Guard: Securing AI After It Hits Production As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb) Flipboard Reddit Whatsapp Whatsapp Email

Entities