Hello Fraud Fighters!
This week, Google did something it's never done before: it sued someone for abusing its own AI. A Chinese phishing ring allegedly used Gemini to write the code behind millions of scam texts, which tells you everything about where "AI safety" conversations are actually headed in 2026. Meanwhile, security researchers caught an AI agent running a complete ransomware attack with zero humans at the keyboard, the FTC's latest numbers confirm imposter scams are still eating consumers alive, the UK's mandatory reimbursement scheme is quietly working, and, in the "you couldn't make this up" category, bettors on a prediction market allegedly bought a song's way to Number One on Spotify.
Let's get into it.
Big Story: Google sues its own AI's abusers
Google filed a civil lawsuit on June 12 against a China-based operation it calls the "Outsider Enterprise”.
Outsider Enterprise ran a phishing-as-a-service platform (subscriptions from $88 a week) that let low-skill operators spin up convincing fake sites impersonating Google, YouTube, the USPS, and toll agencies like E-ZPass. What made it different from the "Lighthouse" network Google sued back in November is the AI layer: members allegedly prompted Gemini to generate the HTML for fake "gift redemption" and brand-impersonation pages, then loaded that code straight into their phishing dashboards. Google says the operation produced more than 9,000 fake websites and over a million fraudulent URLs, with 2.5 million scam texts sent to Android users in a single two-week window in May. The FBI has pegged the broader operation to an estimated 3.87 million stolen credit cards and roughly $1.9 billion in losses since July 2023.
The response is the more interesting part. Google is coordinating directly with the FBI and with AT&T, T-Mobile, and Verizon to block the traffic at the carrier level, and it's publicly backing seven bipartisan anti-scam bills in Congress, including legislation aimed specifically at AI-enabled fraud. FBI Cyber Division's Brett Leatherman put it plainly: "Criminals increasingly use AI to make fraud like this more convincing and harder to detect." That's not a hypothetical anymore; it's a court filing.
So what for operators: the barrier to running a convincing phishing operation just dropped again, and it dropped because of infrastructure your institution almost certainly relies on somewhere in its stack: generative AI code assistants. If your fraud model still treats "professionally built" phishing infrastructure as a signal of a well-resourced adversary, that signal is degrading fast. Expect more model providers to follow Google's lead into direct litigation rather than leaving enforcement entirely to regulators — which means the fraud intelligence you're used to getting from law enforcement bulletins may increasingly show up in court filings first. It's also worth watching whether carriers doing network-level blocking (as Google's doing with AT&T/T-Mobile/Verizon) becomes a template FIs can plug into, rather than fighting smishing one text at a time on the receiving end.
Quick Hit #1: The first ransomware attack with nobody at the keyboard

Cloud security firm Sysdig says it's documented the first fully agentic ransomware operation: an AI agent (not a human) exploited a Langflow vulnerability, harvested credentials, moved laterally to a production MySQL/Nacos server, and destroyed a database, all with the model narrating its own reasoning as it went. The agent ran more than 600 distinct payloads, and at one point diagnosed a failed login and redeployed a working fix in 31 seconds. Sysdig's Michael Clark summed up the real threat: "The skill floor for running ransomware has dropped to whatever it costs to run an agent." For fraud and security teams: the same agentic capability that can chain reconnaissance-to-extortion can just as easily chain reconnaissance-to-account-takeover.
Quick Hit #2: Imposter scams cost Americans $3.5 billion in 2025
New FTC data shows imposter scams remained the most-reported fraud category for the fifth year running, with reported losses climbing nearly 20% to $3.5 billion, a fifth of the roughly one million people who reported an imposter scam lost money, and they lost it in a big way. Business impersonation (mostly fake bank alerts) accounted for $1 billion, government impersonation another $920 million, both up sharply from 2024. Total fraud losses reported to the FTC hit $15.9 billion for the year, up 27%. The FTC's Christopher Mufarrige framed it as a market-integrity problem as much as a consumer one, and the agency has now brought a dozen enforcement actions under its Impersonation Rule. The pattern to watch: scams increasingly start as one type of impersonation and pivot into a "protect your money" wire instruction, meaning the fake bank text and the fraudulent transfer are often the same scam, not two separate ones.
Quick Hit #3: The UK's mandatory reimbursement rule is actually working

An independent review by Frontier Economics, commissioned by the Payment Systems Regulator, found that APP fraud losses have fallen by an estimated £73 million a year and roughly 35,000 fewer scams are happening since mandatory reimbursement came into force. Reimbursement rates across all claims rose from 54% to 65%, and for in-scope claims specifically, firms are now paying out 97%. The biggest gains came from firms that had the worst fraud numbers before the rule, which is the incentive structure working exactly as designed: make the sending and receiving bank share liability, and both suddenly care about stopping fraud upstream. The PSR isn't declaring victory, though. A consultation is coming by year-end to fix inconsistent outcomes and push tech platforms and telcos to own more of the problem they originate.
Quick Hit #4: A prediction market allegedly bought a song's way to Number One
Spotify pulled more than 500,000 artificial streams from Malcolm Todd's "Earrings" this week after a trader flagged an implausible 70% single-day jump that pushed the song to Number One, a move a prominent Kalshi trader calculated at roughly an 11-sigma statistical event. The wrinkle: Kalshi had already paid out a $3 million market on the chart result before investigating, and Spotify has since demanded both Kalshi and Polymarket strip its branding from their sites, making clear it has no partnership with either. This isn't really a music story. It's a preview of a new fraud surface — any data feed that settles a real-money market becomes worth manipulating, and prediction markets are wiring up to more of those feeds every month. Fraud teams at platforms adjacent to prediction markets should be asking now which of their own metrics could become the next settlement source.
This Week in Fraud is a publication for fintech operators, fraud teams, and risk professionals. Have a tip or story? Reply to this email or drop Nick Holland [email protected] a note directly.



