Google's civil suit against a network it calls Outsider Enterprise targets the kit vendors, not the bait. The complaint describes a two week, Telegram based operation that routed 2.5 million malicious SMS messages to Android devices and stood up 9,000 fake sites.
The "Your account has been compromised" text sitting in your message log was not a solo effort. It was the end product of a distribution network: a Telegram-based operation that built phishing kits, sold access to downstream fraudsters, and pumped out brand-impersonation lures at a volume that hand-written scams could never match. Google says it has now filed a US civil complaint against the group it dubs "Outsider Enterprise," calling it the largest known phishing-kit factory on record, according to The Register's report on the filing.
The mechanism in Google's complaint is not a novel intrusion technique. SMS phishing has existed for years. What changed, on Google's account, is throughput. AI-generated copy and brand templates let the same operator produce convincing "Google account alert" or package-delivery lures at a scale that older fraud rings could not. The kits, distributed on Telegram channels, are sold to lower-tier scammers who run the actual SMS blasts. Google labels the tooling "AI-powered" in the complaint; the underlying technical detail, including generative copy, brand impersonation, and credential-harvesting pages, comes from Google's characterization as relayed by The Register.
The numbers in the filing are large and, for now, single-sourced. Google says the operation, in a two-week window in May 2026, was tied to roughly 2.5 million SMS messages routed to Android devices, more than 9,000 fraudulent websites, and over one million malicious URLs. Hundreds of thousands of people were allegedly defrauded, with the loot being login credentials, payment cards, and other personal data harvested through lookalike login pages. The Register reports those figures as drawn from Google's complaint; Google's own announcement or the underlying filing would be the next step to verify them independently.
What the suit is actually aimed at is the kit layer, not the bait. Outsider Enterprise is accused, per Google's complaint, of running a phishing-as-a-service business on Telegram, where channel operators supply tooling and templates to downstream fraudsters rather than running every scam themselves. By suing the kit vendor, Google is going after the factory floor of the operation. The idea is that disrupting that one node multiplies the cost of respawning a new generation of SMS scams, because every fresh round of bait has to be rebuilt from scratch instead of re-skinned from an existing kit.
The case sits inside a coordinated disruption push rather than a standalone move. Google says it has worked with the FBI and with US carriers, including AT&T, T-Mobile, and Verizon, to block malicious SMS traffic at the network level. The carrier filtering cuts into delivery. The FBI coordination opens a criminal-track option. Google's civil suit targets the underlying kit supply. None of those individually erases the operation, and the wire does not specify what each piece delivered, but stacked together they raise the operating cost of running a Telegram-based kit business inside the US telecom footprint.
The legal reach is the filing's soft spot. Outsider Enterprise is a label Google has applied. The complaint does not name individual defendants. The operation is described as China-based, with its distribution layer living on Telegram, a platform that has historically been difficult to serve and slow to respond to US court orders. A US civil judgment against a pseudonymous, Telegram-resident network may end up as a name on a docket, with the underlying operation continuing to migrate channels. The bigger friction point is platform-side: what Telegram does with kit-distribution channels, what carriers do at the SMS gateway, and whether brand-impersonation infrastructure, including lookalike domains and certificate abuse, can be cut off upstream of the kit.
The watch item, then, is not whether the suit wins in court but whether the kit supply dries up in practice. If Telegram removes the named channels and the carrier filters hold through a second seasonal scam wave, the factory model loses its marketplace. If neither happens, the next batch of "Your package could not be delivered" texts is already templated and ready to be sent by a fresh crop of customers.