Background
Since at least July 2023, a China-based cybercrime network known internally as “Outsider Enterprise” operated one of the internet’s most sophisticated phishing-as-a-service (PhaaS) platforms. For $88 per week or $200 per month — advertised and sold through a Telegram bot — the platform gave low-skill criminals access to more than 290 professionally designed phishing page templates impersonating Google, Gmail, Google Pay, YouTube, U.S. government agencies, banks, telecom carriers, and toll-road operators like E-ZPass.
What made Outsider Enterprise different from prior phishing operations was its systematic integration of Google’s own artificial intelligence. The ring’s operators distributed tutorials coaching subscribers to use Google’s Gemini AI model to generate HTML and CSS code for new phishing pages — framing the requests as building “gift redemption pages” to evade Gemini’s built-in safety filters. Gemini’s assistance allowed subscribers to produce professional-grade fake sites without any programming skill.
The scale was enormous. Between November 2025 and April 2026 alone, Google detected more than 1.59 million malicious URLs generated by the platform. Over a two-week period in May–June 2026, the network sent approximately 2.5 million fraudulent SMS messages to Android users across 55+ countries, generating roughly 55,000 spam complaints. The FBI estimates that since July 2023, the operation has been linked to approximately 3.87 million stolen payment cards and roughly $1.9 billion in victim losses. More than 100,000 individuals were defrauded.
Google filed suit on June 12, 2026, coordinating the civil action with the FBI’s “Operation Ghost Hook” — a parallel criminal enforcement action that simultaneously seized the ring’s core administrative domains, took down its Telegram sales bot and Shopify storefront, and froze approximately $100,000 in cryptocurrency held in Outsider Enterprise payment wallets.
The Court’s Holding
On June 26, 2026, Judge Victor Marrero granted Google an emergency temporary restraining order (TRO) blocking the defendants from using Google Gemini, Google Drive, Google Cloud, and other Google services to operate their phishing infrastructure. The judge found that Google had demonstrated the Outsider Enterprise “threatened the security of the internet” and that the balance of harms favored immediate relief pending a full preliminary injunction hearing.
Google’s complaint asserts seven claims: (1) Lanham Act trademark infringement and false designation of origin — the phishing templates bear Google’s federally registered marks (Google, Gemini, Gmail, Google Pay, YouTube, Android) without authorization; (2) copyright infringement — the templates copy Google’s distinctive user interface designs and logos; (3) violations of the Computer Fraud and Abuse Act (CFAA) — the operation’s fake login pages constitute unauthorized access attempts on protected computers; (4) civil RICO — the network constitutes an organized criminal enterprise under 18 U.S.C. § 1962; (5) wire fraud; (6) false advertising; and (7) breach of contract — defendants agreed to Google’s Terms of Service and then violated them systematically.
Key Takeaways
- First reported case of Google suing over misuse of Gemini. Google’s complaint explicitly describes how the defendants coached subscribers to use Gemini to generate phishing code, and the Lanham Act claims extend to the unauthorized use of the Gemini trademark in fraudulent infrastructure. This creates a legal template for IP enforcement when AI tools are weaponized.
- Civil IP litigation as law-enforcement force multiplier. Google used the TRO to achieve in hours what criminal indictments often take months to accomplish — immediate account terminations, domain rerouting, and platform shutdown — coordinated in parallel with FBI seizures under Operation Ghost Hook.
- Trademark law reaches AI-assisted impersonation. The ring’s use of Google’s marks in thousands of fake websites satisfies traditional Lanham Act infringement and false-designation-of-origin elements, and the court applied them without modification to an AI-generated context.
- RICO adds significant damages exposure. If the civil RICO claim survives, defendants face treble damages under 18 U.S.C. § 1964(c), in addition to Lanham Act statutory damages of up to $2 million per willfully infringed mark.
Why It Matters
Outsider Enterprise is the clearest demonstration to date that AI tools lower the skill floor for large-scale IP infringement. Before tools like Gemini, building hundreds of convincing fake bank and government websites required significant technical expertise. Outsider Enterprise sold that expertise as a subscription, but adding Gemini removed even that barrier — subscribers could prompt the AI for ready-made phishing code with a single message.
Google’s decision to anchor its enforcement action on Lanham Act trademark claims — rather than relying solely on CFAA computer-fraud theories — signals that IP law may be one of the sharpest tools available when AI platforms are misused to infringe marks at scale. The complaint’s structure, combining trademark, copyright, RICO, and CFAA claims, is likely to serve as a model for future AI-misuse enforcement by other brand owners. Brand protection practitioners should watch how Judge Marrero handles the full preliminary injunction briefing, and whether the TRO scope (barring use of Google’s services) survives or narrows.
Surfaced via Law360 IP newsletter (Law360 article #2494550); coordinated FBI enforcement reported by SecurityWeek and TechCrunch. Complaint available via DocumentCloud.