Investigators report that enforcement actions targeted not just phishing pages, but also the infrastructure used by “Outsider Enterprise.” The operation was linked to large-scale theft of payment and credential data.

In connection with Operation Riptide, the FBI and partner agencies took action against “Outsider Enterprise,” described as a China-based phishing-as-a-service used to orchestrate fraudulent site generation. The reporting emphasizes that the disruption effort did not stop at takedown of scam sites; it also targeted the underlying infrastructure used to run the phishing workflow. That infrastructure included elements tied to how phishing links and pages were produced and delivered to victims. The core criminal model involved enabling buyers to deploy scam sites at scale. Victims who interacted with those sites were at risk of having credentials harvested and payment-card information stolen. The report ties the activity to phishing URLs and broader compromise opportunities associated with fake site operations. By disrupting the service’s operational components, investigators aimed to prevent the fraud mechanism from continuing to function for other customers. The case also underscores the systemic risk posed by phishing-as-a-service ecosystems: when the supply chain is disrupted—domains, supporting systems, and delivery mechanisms—downstream scam campaigns are harder to launch, and the rate of victim compromise can drop.