For $200 a month, anyone can now rent a fraud factory. That, in essence, is what Google described when it took Outsider Enterprise to court, a China-based cybercrime network that turned artificial intelligence into a fraud assembly line. The service was sold like any other subscription software, $88 a week or $200 a month, and it delivered what it promised: flawless phishing pages (scams that imitate a trusted site to steal your data), generated in minutes from more than 290 ready-made templates. And the engine writing the code for those pages was, among others, Gemini, Google's own artificial intelligence.
This is where the story stops being about one company and becomes about all of us. Phishing is not new. What changed, and changed for good, is the barrier to entry. For years we taught people to spot a scam by its flaws: the clumsy wording, the stretched logos, the ugly page falling apart. That was the warning sign. When a machine writes the text without a single mistake and clones the site pixel for pixel, that sign disappears, and the fraud stops looking like fraud.
The numbers behind a fraud factory
The figures are hard to stomach. Google links this operation to more than 9,000 fake websites and roughly 1 million fraudulent addresses. In just two weeks in May, Android users flagged 55,000 spam messages, and the company tied 2.5 million messages to the group's infrastructure. The FBI estimates the network enabled the theft of 3.87 million credit cards and $1.9 billion in losses since July 2023. And, according to the complaint, the group coordinated "brazenly, in open and largely uncoded discussions on Telegram." It is, by all accounts, the first time Google has gone to court specifically over abuse of Gemini.
Why this lands on your phone
To see why this hits so close to home, just look at your own phone. SMS fraud, known as smishing (phishing sent by text message), is already routine: the "held" parcel asking for a tiny customs fee, the message in the name of a health authority, the fake bank or digital-ID alert. Police and consumer groups have been warning about it for months. And there is a cruel detail: through a technique called spoofing, which forges the sender, the fraudulent message often lands in the same thread as the genuine ones from your bank or courier. Add AI-cloned pages without a single flaw, and you see the leap. The bait was already convincing. Now the place the bait leads to is indistinguishable from the real thing.
The defence has shifted
The conclusion is uncomfortable but honest: the defence we taught for a decade is obsolete. To keep repeating "be suspicious if it is badly written" is to give advice for a war that is already over. The axis has to move. Instead of looking at how the message looks, look at the channel it arrived through. The question is no longer "does this look real?" but "did I go looking for this, or did it come to me?". A link that shows up unrequested, however perfect, is a stranger knocking at the door, and you do not open the door to a stranger just because he is well dressed.
In practice, protect yourself like this:
- Do not click links received by SMS or email to settle "pending issues": open the official app or website yourself by typing the address.
- Hold on to the rule that never fails: a courier, a bank or the government never asks for data or payment by message.
- Turn on two-factor authentication (2FA) on anything that matters: even if the password leaks, the account holds.
- Distrust urgency: the "you have two hours to pay" exists to steal your time to think.
- Confirm through the official channel: when in doubt, use the number on the card or the real website, never the one in the message.
- Report it: flagging the message to the police or your national cybersecurity centre helps stop the next victim.
The hard part to accept is that none of this is a problem for the future. It is already in our inboxes, every single day. Artificial intelligence did not invent greed or lies; it gave them industrial scale and erased the mistakes that used to warn us. The way in is the same as ever, the link and the rush. What changed is the coat of paint on it.
Original source: Help Net Security; facts confirmed by TechCrunch and Google's filing.
#StaySafe
🙏🖖
