🟡 Medium | Source: Schneier on Security
Google has filed a lawsuit against a Chinese cybercrime group called Outsider Enterprise, which operated a phishing-as-a-service platform via Telegram. The group provided customers with nearly 300 scam templates and instructions for using Google’s Gemini AI to generate convincing fake websites impersonating Google, YouTube, and government agencies. This case highlights how threat actors are actively exploiting generative AI tools to lower the technical barrier for large-scale phishing campaigns.
Security Architect’s Take: Review your organisation’s acceptable-use controls and monitoring around generative AI tools — if employees or systems have API access to models like Gemini, ensure usage is logged and anomalous content-generation activity is alerted on. Additionally, bolster anti-phishing defences including brand impersonation monitoring, given AI is now dramatically accelerating the quality and volume of fake site creation.
Original advisory: Google Is Suing Chinese Scammers Who Are Using Gemini