Google vs. Outsider Enterprise: AI and SMS scams on a global scale

Case timeline: from operation to legal action

On June 12, 2026, Google filed a legal appeal against the group Outsider Enterprise, a criminal organization based in China. According to reports by TechCrunch, the group used artificial intelligence tools to automate the sending of fraudulent SMS messages. In a period of just two weeks, they delivered 2.5 million SMS hundreds of thousands of victims.

The operation falls into the category of Smishing AI-powered. Therefore, the messages were crafted with a higher-than-average level of personalization and plausibility. Furthermore, automation allowed the attack to be scaled in record time, bypassing traditional spam filters.

Google acted as the injured party, as the messages exploited infrastructure and services attributable to the group's ecosystem. Consequently, the legal action aims both for compensation and to create a legal precedent in combating AI-driven cybercrime.

The Anatomy of an Attack: How AI Has Multiplied the Reach of Fraud

Understanding the technical operation is crucial for assessing the real risk. First, Outsider Enterprise employed language models to generate credible SMS texts tailored to the victim's context. Similarly, it automated response management, simulating human interactions to prolong the deception.

Incidentally, the use of AI has drastically lowered the cost per victim. According to industry analyses published by Gartner, AI-powered automated fraud campaigns reduce the operational costs of cybercrime by up to 80% compared to traditional methods. This figure explains how quickly the operation has reached a global scale.

Furthermore, the messages contained links to cloned pages of well-known services. Thus, victims were directed to data collection forms or payment requests. In particular, the most affected sectors appear to be those related to logistics, banking, and e-commerce platforms – areas in which Italian SMEs operate daily.

Winners and losers: who is harmed by this situation

Google's action is a positive signal for the entire digital ecosystem. However, it's necessary to distinguish the different levels of impact. On one hand, the direct victims of SMS have suffered economic damages and privacy violations. On the other hand, companies whose brands were impersonated in the fraudulent messages have experienced reputational damage that is difficult to quantify.

Therefore, even Italian SMEs that were not the direct target of the operation must consider themselves potentially involved. In fact, similar campaigns can exploit the names of local suppliers, partners, or payment platforms. Consequently, end customers' trust in legitimate digital communications is eroded overall.

On the contrary, Google emerges from this situation with an active role in defending the ecosystem. Nevertheless, legal action alone is not enough to prevent future operations. Therefore, responsibility is also distributed among individual digital operators.

SHM Studio Reading: Why Italian SMEs Cannot Ignore This Scenario

We of SHM Studio we are carefully observing the evolution of cybercrime linked to artificial intelligence. This case confirms a trend that already emerged in the course of 2025: AI lowers the barrier to entry for digital crime, making operations once reserved for sophisticated players accessible to resource-limited groups.

Specifically, Italian SMEs in the B2B and retail sectors present specific vulnerabilities. They often manage customer communications via SMS, email, and instant messaging without structured verification protocols. Furthermore, their cybersecurity budgets remain significantly lower compared to large enterprises.

Therefore, the risk is not only that of suffering a direct attack. Likewise, there is the danger that your clients may receive fraudulent messages that imitate legitimate business communications. Following events of this kind, damage to brand reputation can be long-lasting and difficult to recover from. For this reason, integrating digital security into the strategy of digital marketing It is no longer an accessory option.

The construction site is still open: what is missing in the regulatory and technical framework

The Google vs. Outsider Enterprise case raises issues that go beyond the individual legal dispute. First of all, the difficulty of attributing legal responsibility to subjects operating in non-European jurisdictions emerges. According to the McKinsey Global Institute, The fragmentation of international norms represents one of the main obstacles to effectively combating transnational cybercrime.

Furthermore, the generative AI models used to construct fraudulent messages are often the same ones employed in legitimate applications. Consequently, distinguishing between lawful and unlawful use at a technical level is complex. Therefore, the solution cannot be exclusively technological but requires an integrated approach that combines regulation, training, and operational oversight.

In summary, the European regulatory framework on AI—with the AI Act coming into force in 2025—offers useful tools, but their practical application to SMEs still requires time and established operational interpretations.

Next Moves: Operational Guidelines for Italian Businesses

In light of the analysis, it is possible to identify some concrete priorities for Italian SMEs. These indications do not replace specialized advice, but represent a starting point for risk assessment.

• Check official communication channels: It is appropriate for companies to define clear protocols for communications with customers and suppliers, distinguishing between authenticated and unverified channels. Effective monitoring of web presence helps reduce the attack surface for impersonation campaigns.
• Internal training on smishing recognition: Staff managing digital communications must be able to identify suspicious messages. Specifically, teams involved in LinkedIn campaign and in the Google Ads campaigns These are targeted phishing attempts.
• Technology Vendor Audit It is advisable to verify that SMS marketing and messaging providers implement up-to-date anti-spoofing measures. Therefore, the selection of technology partners must include explicit security criteria.
• Brand reputation monitoring tools for SEO and online monitoring can report the appearance of clone pages or anomalous brand mentions. This safeguard is an integral part of a strategy of Content and copywriting Structured.
• AI Integration in Defense: paradoxically, the same tools of artificial intelligence used for attacks can be employed to detect anomalies in communication flows. Therefore, exploring AI-based solutions for security is a growing priority for SMEs as well.

Finally, it's useful to remember that digital security is not a one-time project. Instead, it requires continuous updating in response to evolving threats. Companies interested in assessing their digital risk profile can Contact our team for an initial comparison.

Perspectives 2027-2028: AI-Driven Cybercrime as a Structural Variable

Looking at the next two years, the Outsider Enterprise case is not destined to remain isolated. In fact, industry projections indicate exponential growth in automated fraud campaigns. According to recent analyses by Harvard Business Review, By 2028, more than 60% of social engineering attacks will include a significant AI component.

Consequently, Italian SMEs that do not address this risk today will find themselves at a competitive and reputational disadvantage. Furthermore, European regulatory pressure is set to increase, with stricter compliance requirements for those handling customer and partner data.

Therefore, the time to structure an organized response is now. Exploring the opportunities offered by’AI applied to business defensively, investing in Digital infrastructure quality and maintain a constant watch over online visibility They are three mutually reinforcing levers. To delve deeper into these topics, further material is available in our blog.