Google sues China-based scam ring over Gemini-powered fake sites

Google has filed suit against what it says is a China-based cybercrime network that turned Gemini, phishing kits and mass text blasts into an industrial-scale scam operation. The company says the group, which it calls the Outsider Enterprise, coordinated through Telegram and used fake corporate and government sites to steal passwords and credit cards while impersonating Google and other trusted brands.

The scale is the point of the lawsuit. Google says it found 9,000 fake websites and more than 1 million fraudulent URLs tied to the network, and that 2.5 million messages were sent to Android users with links to Outsider-generated websites over a two-week stretch in May 2026. In the same period, Android users flagged 55,000 spam texts. Google says the operation produced hundreds of thousands of victims and losses estimated in the millions.

The complaint is also a test case for whether an AI company can police downstream abuse of its own tools. Google says the scam infrastructure used its Gemini system to create hundreds of fake websites, showing how generative AI can compress what once took time, skill and coordination into a scalable fraud pipeline. The company is pursuing litigation as a way to dismantle the underlying criminal infrastructure, not just collect damages after the fact.

Google said the broader response includes coordination with the FBI and with AT&T, T-Mobile and Verizon to block scam texts before they reach users. It is also backing seven bipartisan bills in Congress aimed at scam prevention and tighter protections against AI-driven fraud, a sign that the company sees the threat as both a law-enforcement problem and a policy failure.

The new case follows an earlier campaign against a separate phishing-as-a-service operation called Lighthouse, which Google sued in November 2025. In that case, Google said it found at least 107 website templates featuring its branding on fake sign-in screens, and that Lighthouse had harmed more than 1 million victims across more than 120 countries. Google said the operation may have stolen between 12.7 million and 115 million U.S. credit cards. Together, the cases show an arms race in which scammers are industrializing deception faster than most defenses can adapt, and where civil litigation may be one of the few tools left to choke off the supply chain.