FBI Disrupts Massive AI-Powered Phishing Service with a Million URLs
The FBI, working with Google and Black Lotus Labs, has dismantled a large-scale Chinese phishing operation known as Outsider Enterprise. The operation used thousands of phishing websites to steal sensitive information such as credit card data and passwords.
The cybercriminals behind Outsider Enterprise employed advanced AI technology and distributed phishing kits to launch campaigns impersonating well-known brands, including those associated with AT&T, T-Mobile, and Verizon.
Operating since at least 2023, Outsider Enterprise conducted its illicit activities on a massive scale. Google identified approximately 9,000 fake websites linked to the operation, along with over a million fraudulent URLs.
Authorities estimate that phishing campaigns orchestrated by Outsider Enterprise resulted in the theft of more than 3.8 million credit card records, leading to an estimated $1.9 billion in financial losses.
Operation Riptide: A Strategic Response
The crackdown on Outsider Enterprise is part of Operation Riptide, a comprehensive FBI initiative aimed at combating cybercrime activities and dismantling related infrastructure.
During the technical takedown, the FBI and its partners seized multiple administration servers, a Shopify e-commerce storefront, and an account used by the threat actor to test the phishing service.
Furthermore, the agency confiscated approximately $100,000 in USDT from Outsider Enterprise’s payment wallets. Thousands of phishing domains registered by the threat actor through U.S. providers now redirect to an FBI-operated splash page.
Figure: FBI seizes site used by Outsider Enterprise phishing-as-a-service (Source: FBI)
The FBI also took control of a Telegram bot associated with Outsider Enterprise, containing valuable information on customers of the phishing service.
According to Google, the AI-driven phishing scheme impacted hundreds of thousands of users globally.
Google has initiated a civil lawsuit targeting the operation’s infrastructure and is collaborating with major telecommunication service providers to block fraudulent messages before they reach subscribers.
Google’s legal action aims to combat organized cybercrime facilitated by Outsider Enterprise, which operates from China and leverages Telegram to distribute phishing kits for fraudulent campaigns impersonating reputable brands.
Recent data from Google reveals that over a two-week span in May, 2.5 million SMS messages were dispatched to Android users from the Outsider Enterprise infrastructure, with 55,000 identified as fraudulent by Android users.
Google estimates that these scams resulted in millions of dollars in losses for hundreds of thousands of victims.
Utilizing AI-powered defenses, Google continues to protect Android users by detecting and blocking suspicious calls and malicious messages, preventing over 10 billion such messages monthly.
Advocating for Anti-Scam Legislation
Google advocates for the Stop SCAMS Act and other anti-scam bills to enhance legal protections against AI-driven fraud. The proposed legislation mandates coordinated efforts among federal agencies, law enforcement, and private entities to combat fraud and scam operations effectively.
The Stop SCAMS Act empowers the FBI to spearhead a national anti-scam strategy, fostering collaboration to track, disrupt, and prevent fraudulent activities.
Google underscores the importance of AI-driven defenses in safeguarding Android users against evolving threats, emphasizing the need for continuous vigilance and proactive measures to counter cybercriminal activities.