Google Targets Smishing-as-a-Service Network Accused of Misusing Gemini

Google’s lawsuit against a China-linked smishing network is less a story about a new AI trick than about a familiar fraud model getting faster, cheaper, and easier to rent. The alleged operation, called Outsider, shows how phishing-as-a-service has matured into a supply chain: developers build kits, data brokers provide targets, spammers send the texts, and theft crews monetize stolen cards and credentials.

According to Google’s complaint, the Outsider operation used Gemini and other AI tools to help generate fraudulent phishing pages, then pushed links to those pages through large SMS campaigns aimed largely at Americans. The lure was conventional: fake brokerage account warnings, mobile carrier rewards, and brand impersonation. The scale was not. Google says investigators identified more than 9,000 fake websites and over 1.59 million fraudulent URLs tied to Outsider between November 14, 2025, and April 14, 2026. In a two-week span from May 18 to June 1, 2026, Android users reportedly flagged 55,000 spam texts linked to the activity, while 2.5 million messages containing Outsider-generated links were sent to Android users.

The affected platforms are broad. This is not an Android-only issue, and it is not a Gemini vulnerability in the usual software flaw sense. The campaign abused SMS, mobile carrier trust, brand recognition, Telegram-based coordination, and AI-assisted web development. Android users appear prominently in Google’s telemetry because Google Messages can receive user reports and apply scam detection, but iPhone users, carrier customers, brokerage customers, and anyone who receives SMS or RCS messages can be targeted. Google says it is working with AT&T, T-Mobile, and Verizon to block malicious messages before they reach customers.

The core technical point is that AI can compress the work needed to build believable phishing infrastructure. A low-skill operator no longer needs to understand frontend development, form design, or CSS layout to produce a fake rewards portal or brokerage login page. The prompts described in the complaint were framed as ordinary coding requests, such as generating HTML for a gift redemption page. That matters because many safety filters are tuned to catch direct requests for malware, credential theft, or bypassing authentication. A request to create a clean-looking web page can look harmless until it is inserted into a phishing kit that captures keystrokes and card data.

Google says Outsider sold access for as little as $88 per week through a Telegram ordering bot. The kit allegedly included more than 290 templates impersonating trusted institutions, real-time keystroke logging, and dashboards for campaign performance. That combination is what makes phishing-as-a-service dangerous. It turns fraud into a repeatable workflow with customer support, analytics, and modular labor. One person can buy the kit, another can supply phone numbers, another can run bulk messaging tools, and another can cash out stolen payment cards.

The FBI’s Brett Leatherman summarized the defensive problem plainly: “Criminals increasingly use AI to make fraud like this more convincing and harder to detect.” That does not mean AI is inventing smishing from scratch. It means AI is improving the boring parts attackers used to outsource to skilled operators: writing cleaner copy, generating localized page variants, matching a brand’s visual style, and producing code quickly enough to rotate domains when blockers catch up.

This case also follows a broader enforcement pattern. In November 2025, Google filed a separate lawsuit over the Lighthouse phishing-as-a-service platform, which Google said ensnared more than 1 million users across 120 countries. The new Outsider action suggests Google is trying to pair technical blocking with civil litigation, aiming to disrupt domains, Telegram channels, servers, and payment paths. Lawsuits will not end smishing on their own, but they can raise operating costs and create evidence trails for law enforcement.

For defenders, the practical lesson is to treat text-message fraud as a real identity and payments risk, not as consumer nuisance spam. The FTC’s guidance on spam text messages is still the right baseline for individuals: do not click links in unexpected texts, contact the company through a known website or number, report junk in the messaging app, forward suspicious texts to 7726, and report fraud at ReportFraud.ftc.gov. Victims who lost money or exposed credentials should also consider filing with the FBI’s Internet Crime Complaint Center, which collects cybercrime reports and shares data with law enforcement partners.

Organizations should assume their brand may be impersonated even if their own systems are not breached. That changes the response plan. Security teams need a process for detecting lookalike domains, fake landing pages, and SMS campaigns that use company names. Legal, fraud, customer support, and security operations should know who can request takedowns, who can warn customers, and who can coordinate with carriers or registrars. A takedown request that takes five days is far less useful when phishing domains rotate in hours.

There is also a user-experience lesson for banks, carriers, and brokers. If legitimate messages often include shortened links, urgent reward language, or login prompts, attackers get free camouflage. Companies should make their own communications boring and predictable: avoid login links in SMS, use consistent sending numbers where possible, tell customers exactly where official alerts appear inside the app, and publish clear reporting instructions. A 2026 academic review of brand smishing guidance found that customer advice varies widely across industries, which weakens user training because people see different rules from every company they trust.

For individuals, the safest habit is simple but strict: treat any text link about money, rewards, account access, unpaid fees, package delivery, or urgent verification as untrusted. Open the company’s app yourself or type the known domain into the browser. If a message says your brokerage account is locked, do not use the text link. If a carrier says you have rewards points expiring, open the carrier app directly. If a payment page asks for card data after a text alert, stop and verify through a known channel.

For enterprise security teams, controls should focus on both prevention and recovery. Use phishing-resistant MFA where possible, especially passkeys or hardware-backed security keys for privileged and finance roles. Monitor for new domains that combine your brand with reward, billing, support, toll, delivery, refund, or verification terms. Add SMS scams to fraud runbooks, not only email phishing runbooks. Train help desks and customer support teams to recognize waves of customer calls that may indicate active impersonation. Make reporting easy enough that customers do it before they become victims.

AI providers also have work to do, but the answer is not as simple as blocking all web page generation. The same coding capability that can help a small business build a landing page can help a criminal build a fake one. Better defenses will likely combine abuse telemetry, repeated pattern detection, account reputation, post-generation signals, and rapid response when model output is found inside phishing infrastructure. Static prompt filters alone will miss requests that look like routine HTML assistance.

The immediate takeaway is practical: smishing has become industrialized, and AI is now part of that production line. The strongest defense is layered. Carriers need filtering, platform providers need detection, brands need fast takedowns and consistent customer guidance, and users need a habit of verifying through trusted channels instead of tapping links in urgent texts. Google’s lawsuit may disrupt one network, but the model behind Outsider is portable, cheap, and attractive to criminals. Treat every unexpected text link as a hostile input until proven otherwise.