FBI takes down a $1.9B AI phishing-as-a-service ring: the model is the lesson
The FBI, Google, and Lumen disrupted "Outsider Enterprise", which used AI to mass-produce over a million scam URLs. Here is why it will refill, and the one tell AI cannot fake.
Verdict
The FBI's Outsider Enterprise takedown removed one operation, not the threat. AI phishing-as-a-service makes brand-perfect scam texts cheap and endless, so the only reliable defence is the rule that never changes: never act on a link in an unexpected SMS; open the official site yourself. A real bank, card issuer, delivery firm, toll authority, or tax body never asks you to "verify" details or pay through a text link. In the US, forward scam texts free to 7726 (SPAM) and report at reportfraud.ftc.gov and ic3.gov.
What happened: Operation Ghost Hook
On 12 June 2026, the FBI, working with Google and Lumen Technologies' Black Lotus Labs threat-research team, disrupted a China-based phishing-as-a-service (PhaaS) operation. Google tracks the group as "Outsider Enterprise"; the law-enforcement action was codenamed "Operation Ghost Hook". Alongside the seizures, Google filed a civil lawsuit against the operators on the same day.
The numbers are the story. According to the FBI and Google, the operation had been active since July 2023 and used AI, including Google's Gemini and other AI tools, to mass-produce phishing pages and more than one million fraudulent URLs. Those URLs impersonated trusted brands, banks, card issuers, delivery firms, toll authorities, and tax agencies, and were pushed to victims by SMS (smishing) to steal credit-card data and passwords. The FBI estimates the ring enabled the theft of around 3.87 million credit-card records and roughly $1.9 billion in losses, hitting hundreds of thousands of victims worldwide.
It was a subscription business. The kit was sold to other criminals for about $88 a week or $200 a month, lowering the bar so that anyone, not just skilled coders, could run a brand-perfect phishing campaign. In the takedown, the FBI seized multiple admin servers, a Shopify storefront, a test account, and about $100,000 in USDT from the payment wallets. Thousands of the phishing domains registered at US providers now redirect to an FBI splash page, and Google is coordinating with AT&T, T-Mobile, and Verizon to block the fraudulent messages.
Why the takedown is a win but not the end
This is the part that matters for everyday users, and it is our niche. Seizing servers and $100,000 in crypto is real disruption, and the redirected domains and carrier blocking will spare a lot of people. But the lesson is the model, not the single ring. Outsider Enterprise proved that AI lets criminals mass-produce flawless, typo-free, brand-perfect phishing at industrial scale and sell it as a cheap subscription. The demand did not disappear with the servers. As long as a $200-a-month kit can clone any bank in any language, copycats will refill the gap.
AI removes the old tells. For years the advice was "look for bad grammar, broken logos, weird phrasing". That advice is now obsolete. A modern AI-generated phishing page has perfect spelling, the right tone, a pixel-accurate logo, and convincing localisation in your language. You cannot out-read it. The content is designed to pass the eye test, and increasingly it does.
What still gives it away: the domain and the channel
If AI can fake the words and the look, what is left? Two things the attacker still cannot fake: where the link actually goes, and how the message reached you.
The channel. A real bank, card issuer, delivery company, toll authority, or tax agency never asks you to "verify" your account or pay a fee through a link in an unexpected SMS. That is simply not how these institutions operate. The moment a text pushes you to a link to confirm details or settle a charge, the channel itself is the red flag, regardless of how polished the message reads.
The domain. The link in the message is never the brand's real address. The genuine site is the brand's own .com or a government .gov. A scam link is a lookalike: a random string, the wrong TLD, or the brand glued on as a fake subdomain of a foreign domain. The domain is the one signal AI cannot generate its way around, because the real domain is already owned by the real company. Examples of the patterns these kits churn out:
- Wrong-TLD and lookalike: usps-redelivery[.]top, chase-secure-verify[.]com, irs-refund-portal[.]xyz.
- Brand-as-subdomain chain: chase.com.account-verify[.]xyz, where the real domain is account-verify.xyz, not chase.com. The brand label is just glued to the front to trick the eye.
- Toll and delivery bait: ezpass-toll-pay[.]info, fedex-redeliver[.]online.
Read a URL from right to left. The real domain is the last two labels before the first single slash. If that is not the brand's genuine address, stop.
The other tell: urgency, and "but it knew my name"
The AI writes the words, but the playbook is old, and it leans on two pressures. First, urgency. "Your account is locked", "your package is being held", "your toll is unpaid", "your card is suspended", "pay within 24 hours". Pressure is the point. A manufactured deadline exists to make you click before you think. A real institution gives you time and contacts you through your account, not a countdown in a text.
Second, personalisation. These texts arrive in waves built on leaked phone numbers and breach data, so one may already know your name. Receiving a message that addresses you correctly is not proof it is real. Leaked data is a tool the sender bought, not a credential. Treat a text that already knows your details as more suspicious, not less.
Red flags: what to check in 10 seconds
- An unexpected SMS with a link. Banks, card issuers, delivery firms, toll authorities, and tax bodies do not ask you to verify or pay through a text link.
- The domain is not the brand's real .com or .gov. A lookalike, wrong TLD, or random string in the link is a scam, no matter how perfect the page looks.
- The brand appears as a subdomain. In chase.com.account-verify[.]xyz the real domain is account-verify.xyz, not chase.com.
- Urgency. "Account locked", "package held", "toll unpaid", "pay within 24h" is manufactured pressure.
- A card or login form behind the link. Entering details there hands them straight to the attacker.
- It knows your name. After years of breaches, personalisation is cheap. It is not proof of legitimacy.
What to do when a suspicious text lands
Do not tap the link, do not reply, do not call any number it lists. If the message claims to be from a company you use, open that company's official app or type its real address into your browser yourself and check your account there. If there is no alert, no held package, and no unpaid toll, the text was fake.
To report in the US: forward the scam SMS free to 7726 (SPAM), which sends it to your carrier. File a report at reportfraud.ftc.gov (the FTC) and, for fraud and cybercrime, at ic3.gov (the FBI's Internet Crime Complaint Center). Reporting feeds the same threat data that made Operation Ghost Hook possible.
What to do if you fell for it
Speed matters. Order of operations:
- If you entered card details, call your bank using the number on the back of your physical card, not any number from the message. Freeze the card and request a new one.
- Dispute any unauthorised charge. US card networks and your bank's zero-liability policies cover fraudulent transactions. Keep screenshots of the message and the fake page as evidence.
- If you entered a password or login, change it immediately, plus any other account where you reused it, and turn on two-factor authentication.
- Report it at reportfraud.ftc.gov and ic3.gov so the loss is recorded and feeds future takedowns.
- Watch for follow-up calls. After a successful phish, attackers often call back posing as your bank or "fraud department", asking you to move money to "secure" it. That second stage is where the largest losses happen.
How SafeBrowz flags AI-generated phishing pages
Because AI-generated phishing pages now look perfect, content alone is not enough to judge them, so SafeBrowz leans on signals AI cannot fake. It flags any page using a brand's name on a non-official domain, and this check is content-free: it does not need to read the page to judge it. It catches the subdomain-chain trick (brand.com.attacker[.]xyz) by parsing the real registrable domain rather than the label the eye lands on first. It catches free-host and reseller-suffix lookalikes that AI kits hide behind. And its AI content layer reads pages in 100+ languages, so a phishing kit's localisation does not let it slip past. This detection methodology is built on a brand database and threat-intelligence research.
Detection signatures come from a brand database and threat research, not from user browsing data. No per-user browsing history is stored. The reliable tells remain the domain and the channel, and SafeBrowz encodes exactly that logic.
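The right-to-left reading rule and the registrable-domain parsing described above, as an added Python example (not SafeBrowz's code and not part of the original page). It goes beyond the two-label rule by also handling two-label suffixes such as co.uk; the suffix table, the brand table, the function names and the co.uk sample link are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample tables (assumptions): a real checker loads the full
# Public Suffix List and a maintained brand database instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
OFFICIAL = {"chase": "chase.com", "usps": "usps.com",
            "irs": "irs.gov", "fedex": "fedex.com"}


def hostname(url: str) -> str:
    """Refang a defanged link and return its lowercase hostname."""
    url = re.sub(r"^hxxp", "http", url.strip().replace("[.]", "."), flags=re.I)
    if not re.match(r"[a-z][a-z0-9+.-]*://", url, re.I):
        url = "http://" + url  # links in texts often omit the scheme
    return (urlsplit(url).hostname or "").rstrip(".")


def registrable_domain(url: str) -> str:
    """Last two labels, or three when the public suffix has two labels."""
    labels = hostname(url).split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def classify(url: str) -> str:
    """Return 'official', 'brand-as-subdomain', 'lookalike' or 'no-brand'."""
    host, reg = hostname(url), registrable_domain(url)
    if reg in OFFICIAL.values():
        return "official"
    sub = host[: len(host) - len(reg)].rstrip(".")  # labels left of the real domain
    for real in OFFICIAL.values():
        if f".{real}." in f".{sub}.":  # official domain reused as a subdomain
            return "brand-as-subdomain"
    tokens = set(re.split(r"[.-]", host))  # brand word glued into a foreign domain
    return "lookalike" if tokens & OFFICIAL.keys() else "no-brand"


if __name__ == "__main__":
    for link in ("https://www.chase.com/login", "chase.com.account-verify[.]xyz",
                 "usps-redelivery[.]top", "chase.com.account-verify[.]co[.]uk"):
        print(f"{link:40} {registrable_domain(link):25} {classify(link)}")
```

A link whose brand is missing from the table comes back as no-brand, which means "not matched", not "safe".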
Updated
Last updated June 15, 2026. We refresh the lookalike-domain examples and reporting channels as the FBI, Google, and Lumen publish new takedown patterns following Operation Ghost Hook.
Block AI phishing pages before you tap
SafeBrowz is a free browser extension for Chrome, Firefox, and Edge that blocks pages impersonating banks, card issuers, delivery firms, toll authorities, and tax agencies automatically. It recognises 550+ brands and flags any page using a brand's name on a domain that is not the official one. AI content analysis works in 100+ languages and spots new phishing domains the moment they go live. Free forever, no account needed.
Frequently asked questions
What was Outsider Enterprise and Operation Ghost Hook?
Outsider Enterprise is the name Google gives a China-based phishing-as-a-service operation active since July 2023. Operation Ghost Hook is the FBI-led takedown, run with Google and Lumen Technologies' Black Lotus Labs and announced on 12 June 2026. The ring used AI, including Gemini and other tools, to mass-produce over one million fraudulent smishing URLs impersonating banks, delivery firms, toll authorities, and tax bodies.
How much did the AI phishing ring steal?
The FBI estimates the operation enabled the theft of around 3.87 million credit-card records and roughly $1.9 billion in losses, hitting hundreds of thousands of victims worldwide. The kit was sold by subscription for about $88 a week or $200 a month. In the takedown, the FBI seized servers, a Shopify storefront, and about $100,000 in USDT from the payment wallets.
Does the takedown mean smishing texts will stop?
No. The takedown removed one operation, not the underlying model. Because a cheap subscription kit can clone any brand in any language using AI, copycats will refill the gap. The defence that does not change is the rule: never act on a link in an unexpected SMS; open the official site or app yourself.
If an AI phishing page looks perfect, how do I spot it?
By the channel and the domain, not the content. A real bank, card issuer, delivery firm, toll authority, or tax body never asks you to verify or pay through a link in an unexpected text. And the link is never the brand's real .com or .gov; it is a lookalike, wrong TLD, or the brand glued on as a fake subdomain. AI can fake the words and the logo; it cannot own the real domain.
The text knew my name. Doesn't that make it real?
No. These texts arrive in waves built on leaked phone numbers and breach data, so one may already know your name. A message that addresses you correctly is using bought data, not proving legitimacy. Treat a text that already knows your details as more suspicious, not less.
How do I report a phishing text in the US?
Forward the scam SMS free to 7726 (SPAM), which sends it to your carrier. File a report at reportfraud.ftc.gov (the FTC) and, for fraud or cybercrime, at ic3.gov (the FBI's Internet Crime Complaint Center). Reporting feeds the same threat data that made takedowns like Operation Ghost Hook possible.