Google’s civil complaint in the Southern District of New York, filed June 12, reads like a crime ledger: nearly 3.9 million stolen credit cards, attacks across 55 countries, and an estimated $1.9 billion in losses from a single China-based phishing-as-a-service network active since July 2023.
Operation Ghost Hook, the FBI’s coordinated takedown with Google and Lumen Technologies, netted core admin server domains, a Shopify storefront, thousands of U.S.-registered phishing domains, and roughly $100,000 from Outsider’s payment wallets. The bureau also used Outsider’s own Telegram bot to access subscriber data on the network’s customers.
I read the complaint this week, and the business model is the detail worth sitting with: $88 per week for a ready-to-deploy phishing kit, with step-by-step instructions for using Gemini and other AI platforms to generate custom lure code for fake missed packages, overdue tolls, or brokerage account alerts. The complaint notes Outsider’s software “allows scammers to request multiple types of verification from victims, including SMS, PIN, email and app verification,” a feature that enables attackers to defeat various forms of authentication security at scale.
Google General Counsel Halimah DeLaine Prado’s blog post makes the strategic logic explicit: civil suits can dismantle infrastructure faster than the criminal docket moves. That’s why Google is coordinating with AT&T, T-Mobile, and Verizon to block outbound messages, and backing seven bills, including the Stop SCAMS Act, to close the legislative gap. Civil enforcement plus carrier coordination plus legislation is a stack DOJ criminal charges can’t replicate alone.
Operation Riptide, the FBI’s ongoing campaign targeting cybercrime financial networks, continues. Worth auditing this quarter.
Rebecca Lauren