Overview
- Google filed a civil lawsuit in the Southern District of New York and worked with the FBI and major U.S. carriers in a coordinated takedown on Monday, June 15, seizing admin domains and rerouting thousands of phishing sites to an FBI notice.
- Investigators tied the service to roughly 9,000 fake websites, more than one million malicious URLs, about 2.5 million scam texts sent to Android users during a two‑week May spike, and an FBI estimate of about 3.8–3.87 million stolen payment cards with roughly $1.9 billion in losses since 2023.
- Outsider Enterprise sold a phishing‑as‑a‑service via a Telegram bot with subscriptions starting near $88 per week, provided over 290 prebuilt templates, and included tutorials that allegedly prompted Google’s Gemini to generate phishing HTML to evade model safeguards.
- Law enforcement seized a Shopify test storefront and roughly $100,000 in cryptocurrency, used the platform’s Telegram bot for customer intelligence, and the companies say carriers are blocking scam texts while civil and criminal investigations continue amid likely extradition limits.
- Google is pressing for permanent technical and legal fixes, backing seven bipartisan bills to curb AI‑driven fraud, and the case signals that faster carrier filtering, stronger authentication rules, and international cooperation will be needed to protect consumers.