The FBI seized the factory behind a million scam links — not the scammers, the machine they all rented

Cybersecurity 4 min 58 sources

A coordinated takedown dismantled "Outsider Enterprise," a Chinese phishing-as-a-service operation tied to $1.9 billion in losses, as new figures show AI-driven fraud hit record scale.

Key takeaways

The FBI and Google dismantled a Chinese "phishing-as-a-service" operation tied to 3.8 million stolen card records and $1.9 billion in losses — seizing the shared machine that armed thousands of scammers, plus the customer list.
UK fraud hit a record 4.1 million money-loss cases last year as AI lets criminals clone voices and run cons at far greater scale.
The safest defence against any "your account is compromised" message is unchanged: never act on an inbound call or text — hang up and contact your bank on the number on your card.

The FBI, working with Google and the security firm Black Lotus Labs, has taken apart a phishing operation that armed thousands of scammers at once. [1] The target was not a person. It was a business — a Chinese operation called Outsider Enterprise that sold ready-made scam kits the way a software company sells subscriptions. [1]

Phishing is the trick where a message pretends to be a brand you trust — your bank, a delivery firm, Google — to get you to type a password or card number into a fake page. [1] Outsider Enterprise made that trick into a product. It distributed the kits, ran the infrastructure, and let its customers “blast out fake text campaigns,” in Google’s words. [1] Active since at least 2023, it was linked to 9,000 fake websites and more than a million fraudulent URLs. [1] Authorities estimate the campaigns it powered stole 3.8 million credit card records and caused about $1.9 billion in losses. [1]

How one takedown reached thousands of scammers

The operation worked because the scammers didn’t have to be skilled. They rented skill. One supplier built the fake pages, ran the servers, and pushed the texts through the major US carriers — AT&T, T-Mobile, and Verizon — impersonating trusted brands. [1] Over two weeks in May, Google says 2.5 million scam texts went to Android phones from this one network; users flagged 55,000 as fraud. [1]

That shared design is also why a single takedown landed so hard. The FBI seized administration servers, a Shopify storefront the operation sold through, and a test account, and grabbed about $100,000 in cryptocurrency from its payment wallets. [1] Thousands of scam domains now redirect to an FBI page instead of a fake login. [1] The agency also took over a Telegram bot that held the operation’s customer list — meaning the seizure didn’t just break the machine; it exposed the people who rented it. [1] The action is part of a wider FBI effort called Operation Riptide. [1]

Google has filed a civil lawsuit against the infrastructure and is working with the carriers to block the fraudulent messages before they reach phones. [1] It is also backing seven proposed US anti-scam bills, including one that would put the FBI in charge of a national anti-scam strategy. [1]

The scale this is fighting

The takedown lands against a fast-rising tide. In the UK, a new annual report from the banking body UK Finance counted 4.1 million cases of fraud where money was lost last year — up 11% in a year, and 31% since 2023. [10] That is nearly eight every minute. Losses to investment scams jumped 40% to a record; almost £1.3 billion was stolen in 2025. [10] Banks called the problem “a national security threat.” [10]

The common thread is artificial intelligence lowering the cost of deception. Criminals now use AI to mimic the voices of celebrities — and of victims’ own family and friends — so the same con runs at far greater volume. [10] A florist in North Yorkshire was scammed out of £80,000 by a man on a dating app using another person’s photos. [10] Experts believe most scams go unreported, so the real numbers are higher. [10]

Why the “I should know better” cases matter

One case shows how little the trick relies on the victim being careless. Tom Honeyands, a technology reviewer with 1.63 million YouTube subscribers, lost £70,000 to a single phone call. [7] Someone claiming to be from his bank said his account was compromised and walked him through “verifying” cancellations. The codes he read out were not cancellations — they authorised 12 payments to new accounts the scammers controlled. [7]

The caller knew his name, address, which bank he used, and that he was travelling — details he suspects were pieced together from his own videos, where his bank’s app icon sat on his home screen. [7] The con only broke when his real bank rang on another line. “I had the hacker on hold and the actual bank security team on another line,” he said, “thinking, ‘Who is real?’” [7] The lesson he draws is plain: be careful what your posts give away, and never act on an inbound call — hang up and dial the number on the back of your card. [7]

That advice is the through-line of the whole day. A bank or platform that contacts you first, then asks you to move money or read out a code, is the pattern itself. The safest move is always the same: stop, hang up, and reach the institution on a number you already trust. [7]

02 · Lesson · why it matters

Why you fight a swarm by hitting the thing it shares

A thousand independent attackers who all rent from one supplier aren't a thousand problems — they're one problem wearing a thousand masks.

The scammers weren’t the target

When the FBI broke up Outsider Enterprise, it didn’t arrest a thousand scammers. It seized a few servers, a storefront, and a customer list. The people running the actual cons were left holding kits that no longer worked.

That is a strange way to fight crime. The criminals were everywhere — scattered across countries, untraceable one by one, each blasting their own texts. Chasing them individually is a losing game. So the FBI didn’t chase the swarm. It went after the one thing the whole swarm had in common: the supplier they all rented from.

When crime becomes a service, it grows a single spine

Outsider Enterprise was not a gang of hackers. It was a company. It built the fake pages, ran the infrastructure, pushed the texts through the phone carriers, and rented all of that out. Its customers didn’t need skill. They needed a subscription.

This is how scamming got so big so fast. You no longer have to know how to forge a bank’s login page or move a million messages through a carrier. You pay someone who already does. One supplier did the hard part once, and thousands of others sold the result. That is the same logic that makes any platform powerful — do the expensive work once, let everyone else build on top.

But sharing the hard part has a cost the renters can’t see. Every one of them now depends on the same servers, the same storefront, the same payment wallets. Their strength — cheap, instant scale — runs through a single spine. Cut the spine, and a thousand operations go dark at once.

The same shape, on the other side

This isn’t only an attacker’s trap. It’s the shape of almost everything we depend on. A whole town’s water runs through one treatment plant. A continent’s online shops sit on a handful of cloud providers. Thousands of apps trust the same login service. The convenience and the fragility are the same fact, seen from two sides.

Most of the time, the shared spine is a gift — it makes things cheap and fast for everyone leaning on it. The danger is that the people leaning on it usually can’t see how much they’re leaning, or on what. Each scammer renting a kit felt independent. They were not. Each website trusting one login service feels like it controls its own front door. It does not.

The leverage lives where the dependence concentrates

The reason the takedown worked is the reason these systems are worth understanding at all. Power, in a connected system, gathers at the points where many separate things quietly rely on one. That point is where the most good can be done — and the most harm. Seizing one supplier disarmed thousands of scams. The same chokehold, in the wrong hands or simply broken by accident, takes thousands of honest things down with it.

For an ordinary person, the practical edge is smaller but real. The scams this machine produced all wore the same face: a message that says your account is in danger and asks you to act now. The kits change; that shape doesn’t. You can’t inspect the servers in China. You can refuse the one move every version of the trick needs — acting on a message that came to you. Hang up. Dial the number on your card. The whole industry, for all its scale, breaks on that single habit.

What the seat can’t see

It’s tempting to read this as a clean win — the good guys found the weak point and pulled the plug. That half is true. The harder half is that you are sitting on top of spines just like it, right now, that you didn’t choose and can’t see. The apps on your phone, the bank you trust, the carrier that delivered the scam text and could have blocked it — each is a shared point that someone else controls, and that holds until it doesn’t.

Seeing that should make the world feel less like a set of separate doors you can each lock, and more like a web of shared joints, most of them out of your reach. The point isn’t fear. It’s humility about how much of your safety runs through hands that aren’t yours — and how little any one of us, from any one seat, can see of where those joints actually are.

03 · Lab · your turn

Find the Spine

Strike a network of scam operations and feel why hitting the shared supplier disarms thousands at once, while chasing them one by one never ends.