The FBI has helped dismantle a massive phishing-as-a-service operation that used artificial intelligence to create fraudulent websites and steal sensitive information from victims around the world.
The operation, known as Outsider Enterprise, was disrupted through a coordinated effort involving the FBI, Google, and threat intelligence researchers from Black Lotus Labs. Investigators say the platform enabled cybercriminals to launch sophisticated phishing campaigns at scale, using more than one million malicious URLs to impersonate trusted brands and online services.
According to investigators, Outsider Enterprise operated as a commercial cybercrime service, providing subscribers with ready-made phishing kits, website templates, and AI-assisted tools that dramatically lowered the barrier to entry for online fraud. The service allegedly allowed criminals with limited technical knowledge to generate convincing phishing pages designed to steal login credentials, financial information, and payment card data.
Authorities estimate the operation was linked to the theft of more than 3.8 million payment card records and approximately $1.9 billion in fraud-related losses worldwide. Investigators say the platform targeted users through SMS phishing campaigns and fraudulent websites that closely mimicked those of legitimate organizations.
Google separately revealed that it detected more than 1.5 million URLs connected to the operation between November and April. The company alleges that the platform abused Google services and trademarks to make phishing campaigns appear more credible and increase the likelihood that victims would trust fraudulent messages and websites.
The phishing kits reportedly incorporated AI tools to automate parts of the attack process, including the creation of fake websites and phishing content. Security experts warn that the growing use of artificial intelligence is making phishing attacks more convincing, allowing cybercriminals to rapidly generate personalized scams with fewer resources.
As part of the takedown, authorities seized infrastructure associated with the operation and redirected malicious domains to FBI-controlled warning pages. The action disrupted a significant portion of the network’s phishing infrastructure, although investigators caution that similar services continue to operate across underground cybercrime forums.
