Google has sued a China-based cybercrime ring, accusing the group of using Gemini AI to power a sprawling text-message scam aimed at U.S. cellphone users.
The complaint landed on June 12 in Manhattan federal court. It targets an operation that Google calls the Outsider Enterprise. Google says the group blasted 2.5 million scam texts to Android users across two weeks in May. Those messages carried links to fake websites built to grab passwords, personal data, and financial details.
The case marks a fresh turn in the fight against online fraud. Criminals no longer need strong coding skills to spin up slick phishing pages. Instead, Google says, members leaned on Gemini AI and ready-made scam kits to move fast and hit people at scale.
A scam built to run at scale
The texts followed a familiar playbook.
Some warned users about hacked accounts. Others pushed fake package alerts, toll notices, or carrier warnings that looked real. Either way, the aim stayed the same. Get the user to tap a link, reach a fake site, and hand over sensitive information.
Google says the network spun up more than 9,000 fake websites and over 1 million fraudulent URLs. The pages impersonated trusted names, including Google, YouTube, the U.S. Postal Service, and New York’s E-ZPass toll system. Android users also flagged roughly 55,000 spam texts during the same two-week stretch.
That volume shows why the case matters. This was not one person firing off random texts. Rather, Google describes a structured crime business with tools, templates, and dashboards. Gemini AI gave the crew a shortcut, Google says. The group coordinated through Telegram and sold a subscription tool that ran about $88 a week, according to court filings.
How the chatbot fits in
Google’s complaint says scammers urged each other to use Gemini AI to write code for their fake sites. A request could look harmless at first. Someone might ask for code for a simple gift page. Then, criminals could drop that code into a phishing kit and flip it into a fake login screen.
That detail gives the lawsuit wider weight.
The threat does not come from the tool alone. Instead, it comes from how crime networks blend Gemini AI with old fraud tricks. Smishing, or SMS phishing, has run for years. Yet AI can help scammers polish messages, build pages faster, and test new versions of a scam.
As a result, fraud gets cheaper. It also gets harder for regular users to spot.
“Criminals increasingly use AI to make fraud like this more convincing and harder to detect,” said Brett Leatherman, assistant director of the FBI’s Cyber Division.
Even so, Gemini AI did the heavy lifting on the code, Google argues. The company says the Outsider software lets people launch campaigns without coding skills. Paired with Gemini AI, that setup can pull more low-level actors into cybercrime.
Google teams up with carriers and the FBI
Google says it worked with AT&T, T-Mobile, and Verizon to block the scam texts before they reach phones. The company also coordinated with the FBI as it moved to tear down the network’s infrastructure.
Verizon framed the case as a shared fight.
“As cybercriminals increasingly leverage advanced technologies like AI to execute sophisticated text-messaging scams, defeating these threats requires a unified, cross-industry response,” Nasrin Rezai, chief information security officer at Verizon, said in a statement. “We look forward to standing with Google, the telecom industry, and federal law enforcement in this coordinated effort to dismantle malicious domains and disrupt global cybercrime operations.”
The carriers matter because scam texts travel through mobile networks. Google can block bad domains and spot odd activity on its platforms. Still, telecom firms can stop many texts before they ever land.
What it means for everyday phone users
The lawsuit also hands cellphone users a clear warning.
Urgent texts pile on pressure. They claim an account will close, a package has stalled, or a reward will vanish. That pressure pushes people to act before they think.
So users should skip links in surprise texts. Instead, open the company’s official app or website. Treat any request for a password, a security code, or a card number as a major red flag.
Scammers copy real brands well. They borrow logos, colors, and familiar wording. Tools like Gemini AI can make a fake page look sharper than ever, and it can still drain your data in seconds.
Google says the complaint does not pin one dollar figure to the May texts alone. Even so, the FBI ties the broader operation to millions in losses and millions of stolen card numbers.
Pressure builds on AI makers
The Gemini AI case arrives as tech firms scramble to prove they can curb abuse of their own tools. Companies sell AI as a productivity engine for workers, developers, and shoppers. Yet the same speed can serve criminals just as well.
That creates a tough security puzzle.
When a chatbot writes website code, the request can look routine. But criminals can reuse that code inside a fake bank page, a phony delivery portal, or a bogus account-recovery screen. Google’s general counsel, DeLaine Prado, told The New York Times the scale stood out. “This is our first coordinated effort and lawsuit, and that speaks to the breadth of impact that this particular scam has,” she said.
Now Google wants the court to shut Outsider down. The company also backs new federal laws aimed at modern scams, including fraud campaigns that lean on Gemini AI and similar tools.
For users, the lesson stays simple. The next scam text may read cleaner than the last. It may sound more believable, and it may lead to a sharper fake site. That still does not make it real.
What do you think? Should tech companies face tougher rules when their tools help scammers, or should law enforcement focus mainly on the criminal networks behind the fraud? Please feel free to share your views in the comments.