š” Medium Ā |Ā Source: The Hacker News
Google is taking legal action against a Chinese cybercrime network accused of abusing its Gemini AI to craft and send phishing SMS messages targeting US users. The group operates a phishing-as-a-service platform called ‘Outsider’, making sophisticated smishing campaigns accessible to a wider criminal ecosystem. This case highlights the emerging risk of threat actors weaponising legitimate AI services to scale and refine social engineering attacks.
Security Architect’s Take: Review your organisation’s acceptable use controls and API abuse detection for any AI services you expose or consume ā ensure rate limiting, anomaly detection, and terms-of-service enforcement are in place to prevent misuse. Additionally, reinforce employee and customer awareness around SMS phishing, as AI-generated lures are becoming increasingly convincing and harder to detect with traditional filters.
Original advisory: Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing