Thursday, June 25, 2026

FBI Busts China-Based Scam Empire Tied to 3.87M Stolen Cards

Valyrian News Network

The FBI, in coordination with Google, Lumen Technologies’ Black Lotus Labs, and major U.S. wireless carriers, has dismantled a massive China-based phishing-as-a-service operation known as “Outsider Enterprise,” according to Fox News. The takedown, code-named “Operation Ghost Hook,” targeted a criminal network linked to approximately 3.87 million stolen credit cards and an estimated $1.9 billion in losses since July 2023.

The operation represents one of the largest financial cybercrime takedowns in history and marks Google’s first affirmative litigation specifically targeting AI-powered scammers. Victims were spread across 55 countries, with payment cards issued by institutions in 95 countries.

What Was Outsider Enterprise?

Outsider Enterprise operated as a sophisticated phishing-as-a-service (PaaS) platform — essentially a criminal software business that sold other criminals the tools to launch phishing campaigns. The operation maintained over 9,000 fake websites and more than 1 million fraudulent URLs designed to impersonate trusted brands.

The platform offered subscribers 290+ pre-built website templates impersonating banks, telecom providers, government agencies, shipping companies, state DMVs, E-ZPass, NYC government services, and retailers. Subscribers paid $88 per week or $200 per month for access, purchased through a self-service Telegram bot.

How the Operation Worked

Outsider Enterprise was structured as a turnkey criminal enterprise with four specialized divisions:

  1. Development Team: Created and maintained phishing software, website templates, and infrastructure
  2. Target Curation Team: Compiled target lists from public records, social media, and data breaches
  3. SMS Infrastructure Team: Operated smartphone banks, SIM cards, and modems for bulk SMS distribution
  4. Monetization & Laundering Team: Converted stolen credentials to cash and laundered proceeds

What made this operation particularly dangerous was its use of artificial intelligence. Tutorials showed subscribers how to prompt Google’s Gemini AI to generate HTML for phishing pages, disguised as requests for a “gift redemption page” to avoid safety filters. This marked a significant shift from earlier operations where human coders built fake sites manually.

Common lures included missed package notifications, unpaid tolls, parking violations, brokerage account problems, and mobile carrier rewards. In a two-week period in May 2026 alone, 2.5 million scam texts were sent to Android users, with 55,000 flagged as fraudulent.

The Takedown: Operation Ghost Hook

On June 12, 2026, the FBI executed “Operation Ghost Hook,” seizing core admin domains, a Shopify storefront, approximately $100,000 in USDT from payment wallets, and thousands of phishing domains registered through US-based providers. The FBI used Outsider Enterprise’s own Telegram bot to access information on the network’s customers.

Simultaneously, Google filed a federal lawsuit in the U.S. District Court for the Southern District of New York under the Racketeer Influenced and Corrupt Organizations (RICO) Act, alongside trademark infringement claims and allegations of misuse of Google Cloud and Drive services.

Brett Leatherman, Assistant Director of the FBI Cyber Division, said: “The criminals behind the Outsider Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims. Criminals increasingly use AI to make fraud like this more convincing and harder to detect. Together with partners like Google, we can disrupt criminal networks in ways no single organization could on its own.”

Halimah DeLaine Prado, General Counsel at Google, added: “You’ve seen the texts: fake package alerts, urgent bank warnings, panicked messages about your compromised account. Behind them is an AI-powered cybercrime network built to steal your passwords and credit cards. Today, we’re fighting back.”

The Scale of the Problem

The takedown highlights the staggering scale of modern cybercrime. Google reports intercepting more than 10 billion scam messages per month through its AI-powered defenses. According to FBI statistics, $21 billion was stolen from more than 1 million Americans due to cybercrime in 2025 alone.

Rich Baich, Chief Information Security Officer at AT&T, emphasized the need for collective action: “Fighting fraud requires collective defense, and each technology provider in our industry plays an important role.”

Nasrin Rezai, Chief Information Security Officer at Verizon, noted: “Technical defenses alone are not enough, which is why we think it is important to combine aggressive legal action and collaboration with federal and state governments.”

Broader Implications

This case sets a significant legal precedent as Google’s first affirmative litigation targeting AI-powered scammers. The public-private partnership model — combining the FBI, Google, Lumen/Black Lotus Labs, AT&T, T-Mobile, and Verizon — demonstrates an effective framework for combating transnational cybercrime.

The operation also provides real-world evidence supporting proposed federal anti-scam legislation, including the National Strategy for Combating Scams Act sponsored by Senator Rick Scott and the Stop SCAMS Act sponsored by Representatives Brian Fitzpatrick and Josh Harder.

Congressman Brian Fitzpatrick (R-PA), a former FBI agent and federal prosecutor, said: “This is not spam. It is organized transnational crime moving through our phones, and it demands a response as coordinated and aggressive as the threat itself.”

What’s Next

While the takedown disrupts a major criminal infrastructure, the FBI acknowledges that the unnamed defendants are unlikely to face extradition from China. The seizure of $100,000 represents a fraction of the $1.9 billion in estimated losses. Phishing domains now redirect to an FBI splash page warning visitors.

Several questions remain open: How many similar PaaS operations are still undetected? Can AI safety filters be improved to prevent misuse by criminals without hindering legitimate developers? And will the proposed federal legislation pass?

For now, the operation serves as a powerful reminder that the fight against cybercrime requires constant vigilance, international cooperation, and innovative public-private partnerships to stay ahead of increasingly sophisticated criminal enterprises.