Google sues Chinese network for weaponizing Gemini AI in smishing scams
Google has filed suit against a Chinese cybercrime network it says abused its Gemini AI to mass-produce phishing text messages and fake websites targeting Americans. The group runs a phishing-as-a-service kit called Outsider and used Gemini to generate fraudulent pages and large smishing campaigns. The texts impersonate trusted brands, warning of "brokerage account issues" or dangling carrier "rewards," and link to lookalike sites that harvest personal and financial details. Google says the lawsuit aims to dismantle the network's infrastructure. The case underscores how criminals are folding mainstream AI tools into industrialized phishing operations.
- Check
- Remind staff and yourself to treat unexpected texts about account problems or rewards as suspect, and review mobile-threat and link-protection telemetry for spikes in smishing referencing banks or carriers.
- Affected
- Mobile users, especially in the US, targeted by SMS phishing impersonating banks, brokerages, and phone carriers via the Outsider phishing-as-a-service kit; financial and personal data are the goal.
- Fix
- Never click links in unsolicited texts; navigate to institutions directly. Enable carrier and device spam filtering, report smishing, and use phishing-resistant MFA so stolen passwords alone cannot unlock accounts.