Google has filed a lawsuit against a cybercrime group
accused of running a global text message phishing network that targeted
millions of users by impersonating well-known brands.
The company said the defendants, largely based in
China, used a phishing-as-a-service tool called “Lighthouse” to send fraudulent
messages and steal sensitive financial data, CNBC reported.
Discover how neo-banks become wealthtech in London at the fmls25
The defendants, described by researchers as the
“Smishing Triad,” allegedly used a phishing-as-a-service kit called Lighthouse
to deploy fraudulent text messages impersonating trusted organizations,
including E-ZPass, the U.S. Postal Service, and even Google itself. Victims were lured to fake websites mimicking brand
login pages, where their financial and personal information was stolen.
The “Lighthouse” Operation
According to Google’s general counsel Halimah DeLaine
Prado, the group “preyed on users’ trust in reputable brands,” leveraging
realistic website templates to harvest credentials. Investigators estimate that
the syndicate has stolen between 12.7 million and 115 million credit cards in
the United States alone.
Google filed the suit under the Racketeer Influenced
and Corrupt Organizations (RICO) Act, the Lanham Act, and the Computer Fraud
and Abuse Act (CFAA). The company seeks to dismantle both the Lighthouse
platform and the broader criminal network behind it.
Internal and external investigations revealed that
around 2,500 members coordinated on public Telegram channels to develop and
maintain the Lighthouse software.
The operation reportedly included separate “data
broker,” “spammer,” and “theft” groups responsible for sourcing victims,
sending fake texts, and monetizing stolen data. Google identified over 100 fraudulent website
templates using its branding alone, highlighting the scale of impersonation.
Beyond the courtroom, Google is backing a trio of
bipartisan U.S. bills aimed at curbing digital fraud. These include the GUARD
Act, the Foreign Robocall Elimination Act, and the Scam Compound Accountability
and Mobilization Act. Together, the measures target illegal robocalls, scam
operations, and human trafficking links within fraud networks.
Expect ongoing updates as this story evolves.
This article was written by Jared Kirui at www.financemagnates.com.
Source link
