| Threat Level: HIGH The FBI, Google, and Black Lotus Labs dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation running thousands of fake websites and over a million phishing URLs used to steal credit card numbers and passwords. |
What Happened
The FBI, working with Google and Lumen’s Black Lotus Labs, dismantled a phishing-as-a-service operation called Outsider Enterprise. The operation ran thousands of phishing websites and distributed over a million phishing URLs designed to steal credit card numbers and login credentials.
Phishing-as-a-service means the people running Outsider Enterprise were not the only ones using it. They built the infrastructure and sold or rented access to other criminals. Anyone with money could buy a ready-made fake login page that mimics a bank, a delivery service, or a retailer, then send it out by email or text.
This model is why phishing volume has grown so fast. A single operation can power thousands of separate scams at once, each targeting different brands and different victims.
Who This Affects
Anyone with an email address or a phone number was a potential target of this operation. The scale here, a million URLs, means the messages were not aimed at high-value targets. They were aimed at volume. Everyday people who shop online, bank through apps, or get package delivery texts are exactly who this kind of operation goes after.
Small business owners face a second layer of risk. Phishing kits like these often impersonate business tools too: payment processors, shipping platforms, even employee email logins. A staff member who clicks one fake link can hand over the credentials that unlock your entire business account.
The takedown removes one operation. It does not remove the kits, the templates, or the criminals who bought access before the shutdown. Expect copies of this infrastructure to resurface under different names.
What to Do
Slow Down Before You Click
Phishing works because messages create urgency. A delivery problem, a locked account, a payment failure. Before clicking any link in an unexpected message, go directly to the company’s website or app instead. Type the address yourself or use a bookmark you saved earlier.
Use a Password Manager With Autofill
A password manager only fills in your credentials on the real website it was saved for. On a fake site, even one that looks identical, autofill will not trigger. That mismatch is one of the most reliable warning signs available to you.
- Bitwarden: Free. Open-source, works across all your devices, and autofill protection works out of the box.
- 1Password: ~$36/year. Polished interface with strong family plan options.
Turn on Two-Factor Authentication Everywhere
If a phishing site does capture your password, two-factor authentication stops the attacker from getting in without your phone or authenticator app. Enable it on email, banking, and any account that stores payment information.
Add Browser-Level Phishing Protection
- Malwarebytes Browser Guard: Free. Blocks known phishing and scam sites before they load, works with Chrome, Firefox, and Edge.
- Google Safe Browsing: Free, built into Chrome. Make sure Enhanced Protection is turned on in your browser’s privacy settings for the strongest filtering.
- Norton 360 Deluxe: ~$50/year for the first year. Includes phishing protection, a VPN, and dark web monitoring in one package, a reasonable option for households running multiple devices.
| What to Do Right Now Turn on Enhanced Safe Browsing in Chrome, set up a free password manager with autofill, and enable two-factor authentication on your email and bank accounts. These three steps take under thirty minutes combined. |
| Next Steps Check your exposure: Run your email through Have I Been Pwned to see if your credentials have already surfaced in a known breachWant a security review for your business: Contact us Here or Schedule a Free 30 Minute Consult Here |