The FBI and partners dismantled “Outsider Enterprise,” a China-based phishing-as-a-service that coached buyers to generate scam sites. The takedown disrupted infrastructure tied to credential and payment-card theft.

The FBI and partners, including Google, moved to dismantle a China-based phishing-as-a-service operation known as “Outsider Enterprise,” connected to Operation Riptide and also referred to as “Ghost Hook.” According to reporting, the service functioned like a marketplace for phishing capability—coaching buyers to generate scam websites and then using those lures to capture victims’ credentials and payment information. The scheme leveraged links and site generation workflows to scale fraud, with the infrastructure behind the operation also being targeted during enforcement activity. The report describes how the operation was tied to phishing URLs and theft of sensitive data, including payment-card and login credentials. By seizing or disrupting components associated with the phishing workflow, investigators sought to reduce both the operation’s ability to run future campaigns and the harm already inflicted on victims. The case highlights how “phishing-as-a-service” offerings can operate as reseller models for cybercrime, bundling tactics, tooling, and operational support that lower barriers for criminals while increasing the volume of scams.