Google sues billion-euro AI phishing network - first lawsuit over abuse of Gemini AI for mass fraud
What it really says
On June 12, 2026, Google filed a lawsuit against the international cybercrime network 'Outsider Enterprise.' The China-based group used Google's own AI model Gemini, among other tools, to create phishing websites and fraud infrastructure at industrial scale. The numbers are staggering: over 9,000 fake websites, approximately one million fraudulent URLs, and 2.5 million fraudulent SMS messages within just two weeks. Since July 2023, according to the lawsuit, 3.87 million credit card records were stolen, with total damages estimated at approximately 1.8 billion euros. The network operated a 'Phishing-as-a-Service' business model via Telegram - subscriptions for ready-made phishing kits cost from 80 euros per week or 185 euros monthly. Google bases its lawsuit on the US RICO Act for combating organized crime and is coordinating with the FBI and major US telecommunications providers Verizon, AT&T, and T-Mobile. This is Google's first lawsuit involving abuse of its Gemini AI tools.
Our assessment
This case warrants differentiated consideration. On one hand, it reveals a real and serious risk: AI tools like Gemini can dramatically accelerate and cheapen the creation of convincing phishing content. A fraud network that previously required technical expertise can now scale industrially with AI support - 80 euros per week for a ready-made phishing kit massively lowers the barrier to entry. The scale of 1.8 billion euros in damages and 3.87 million stolen credit card records is alarming. On the other hand, the response is noteworthy: Google itself is suing over the misuse of its own technology, working with law enforcement, and deploying heavy legal tools like the RICO Act. This shows that technology companies and authorities take the problem seriously. The central question remains: can protective measures keep pace with the speed at which criminals misuse AI tools? Phishing existed before AI - but AI makes it more efficient, more convincing, and harder to detect.
Relevance for Germany
German consumers are directly affected. Phishing SMS messages and fake websites posing as parcel services, banks, or authorities are commonplace in Germany - and AI makes these messages linguistically and visually more convincing than ever before. The fact that Outsider Enterprise operated as an international network means German users could be among the hundreds of thousands of victims. For German companies and authorities, the question arises how existing protective mechanisms need to be adapted against AI-powered fraud schemes. The BSI already regularly warns about increasingly professional phishing campaigns. The EU AI Act, fully applicable from August 2026, addresses transparency obligations for AI systems, but criminal use of AI naturally falls outside regulatory frameworks. Law enforcement and technical protective measures are needed here.
Fact check
The facts are confirmed by multiple independent sources. Google itself published a detailed blog post about the lawsuit. TechCrunch, Help Net Security, and IT-Boltwise consistently report the core data: 9,000 fake websites, one million fraudulent URLs, 2.5 million SMS messages in two weeks, 3.87 million stolen credit card records, and estimated total damages of 1.8 billion euros. The use of the RICO Act and coordination with the FBI and telecommunications providers are consistently reported. The claim that this is Google's first lawsuit over Gemini misuse comes from Google's own communications.
Source
- • https://blog.google/innovation-and-ai/technology/safety-security/combatting-ai-scams/
- • https://techcrunch.com/2026/06/12/chinese-cybercrime-operation-that-used-ai-to-scam-hundreds-of-thousands-of-victims-sued-by-google/
- • https://www.helpnetsecurity.com/2026/06/12/google-china-based-cybercrime-network-lawsuit/
- • https://www.it-boltwise.de/google-klagt-gegen-outsider-enterprise-ki-phishing-im-grossen-stil.html