Google and Shopify: FBI takes out huge AI-powered phishing service: Outsider Enterprise was using over a million phishing URLs to steal credit card data and passwords

FBI Disrupts Major Chinese Phishing-as-a-Service Operation, "Outsider Enterprise"

The FBI has dismantled Outsider Enterprise, a Chinese phishing-as-a-service (PhaaS) operation that enabled cybercriminals to launch large-scale phishing attacks. The takedown included the seizure of administration servers, a Shopify storefront, a Telegram bot used for storing stolen data, and approximately $100,000 in USDT cryptocurrency. Authorities also redirected thousands of phishing pages to an FBI warning site.

Active for roughly three years, Outsider Enterprise generated around 9,000 fake websites and over 1 million fraudulent URLs, leading to the theft of 3.8 million credit card records and an estimated $1.9 billion in losses. The service primarily relied on SMS-based phishing lures, targeting victims with spoofed login pages impersonating major brands.

Google also took legal action, filing a civil lawsuit against the operation’s infrastructure. The tech giant reported that in just two weeks, attackers sent 2.5 million fraudulent SMS messages to Android users, with only 55,000 flagged as suspicious. Google is collaborating with telecom providers to block such messages before they reach targets.

The operation, coordinated via Telegram, highlights the growing threat of PhaaS platforms, which allow even low-skilled criminals to execute sophisticated phishing campaigns at scale.

Source: https://www.techradar.com/pro/security/fbi-takes-out-huge-ai-powered-phishing-service-outsider-enterprise-was-using-over-a-million-phishing-urls-to-steal-credit-card-data-and-passwords

Google TPRM report: https://www.rankiteo.com/company/google-public-policy

Shopify TPRM report: https://www.rankiteo.com/company/shopify

"id": "goosho1781533703",
"linkid": "google-public-policy, shopify",
"type": "Cyber Attack",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Millions',
                        'location': 'Global',
                        'name': 'General public (victims of phishing attacks)',
                        'type': 'Individuals'},
                       {'location': 'Global',
                        'name': 'Major brands (impersonated in phishing '
                                'attacks)',
                        'type': 'Corporations'}],
 'attack_vector': 'SMS-based phishing (smishing)',
 'data_breach': {'data_exfiltration': 'Yes (stored via Telegram bot)',
                 'number_of_records_exposed': '3.8 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (financial and personally '
                                        'identifiable information)',
                 'type_of_data_compromised': 'Credit card records, login '
                                             'credentials'},
 'description': 'The FBI has dismantled *Outsider Enterprise*, a Chinese '
                'phishing-as-a-service (PhaaS) operation that enabled '
                'cybercriminals to launch large-scale phishing attacks. The '
                'takedown included the seizure of administration servers, a '
                'Shopify storefront, a Telegram bot used for storing stolen '
                'data, and approximately $100,000 in USDT cryptocurrency. '
                'Authorities also redirected thousands of phishing pages to an '
                'FBI warning site. The operation generated around 9,000 fake '
                'websites and over 1 million fraudulent URLs, leading to the '
                'theft of 3.8 million credit card records and an estimated '
                '$1.9 billion in losses. The service primarily relied on '
                'SMS-based phishing lures, targeting victims with spoofed '
                'login pages impersonating major brands.',
 'impact': {'data_compromised': '3.8 million credit card records',
            'financial_loss': '$1.9 billion (estimated)',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'investigation_status': 'Disrupted (servers seized, assets frozen)',
 'lessons_learned': 'The incident highlights the growing threat of '
                    'Phishing-as-a-Service (PhaaS) platforms, which lower the '
                    'barrier for cybercriminals to execute large-scale '
                    'attacks. Collaboration between law enforcement, tech '
                    'companies, and telecom providers is critical to '
                    'disrupting such operations.',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'corrective_actions': 'Seizure of infrastructure, '
                                                  'legal action, and '
                                                  'collaboration with telecom '
                                                  'providers to block phishing '
                                                  'messages',
                            'root_causes': 'PhaaS model enabling low-skilled '
                                           'criminals to launch large-scale '
                                           'phishing attacks; lack of SMS '
                                           'filtering to block fraudulent '
                                           'messages'},
 'recommendations': ['Enhance SMS filtering to block phishing messages before '
                     'they reach users',
                     'Improve detection of spoofed login pages impersonating '
                     'brands',
                     'Increase public awareness of smishing threats',
                     'Strengthen collaboration between private sector and law '
                     'enforcement to dismantle PhaaS operations'],
 'references': [{'source': 'FBI'}, {'source': 'Google'}],
 'regulatory_compliance': {'legal_actions': 'Google filed a civil lawsuit '
                                            'against the operation’s '
                                            'infrastructure'},
 'response': {'containment_measures': 'Seizure of administration servers, '
                                      'Shopify storefront, and Telegram bot; '
                                      'redirection of phishing pages to FBI '
                                      'warning site',
              'law_enforcement_notified': 'FBI',
              'third_party_assistance': 'Google (legal action and '
                                        'collaboration with telecom '
                                        'providers)'},
 'threat_actor': 'Outsider Enterprise (Chinese cybercriminal group)',
 'title': 'FBI Disrupts Major Chinese Phishing-as-a-Service Operation, '
          "'Outsider Enterprise'",
 'type': 'Phishing-as-a-Service (PhaaS)'}