Google has filed a lawsuit against a cybercrime group
accused of running a global text message phishing network that targeted
millions of users by impersonating well-known brands.
The company said the defendants, largely based in
China, used a phishing-as-a-service tool called “Lighthouse” to send fraudulent
messages and steal sensitive financial data, CNBC reported.
Discover how neo-banks become wealthtech in London at the fmls25
The defendants, described by researchers as the
“Smishing Triad,” allegedly used a phishing
Phishing
Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than techno
Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than techno
Read this Term-as-a-service kit called Lighthouse
to deploy fraudulent text messages impersonating trusted organizations,
including E-ZPass, the U.S. Postal Service, and even Google itself. Victims were lured to fake websites mimicking brand
login pages, where their financial and personal information was stolen.
The “Lighthouse” Operation
According to Google’s general counsel Halimah DeLaine
Prado, the group “preyed on users’ trust in reputable brands,” leveraging
realistic website templates to harvest credentials. Investigators estimate that
the syndicate has stolen between 12.7 million and 115 million credit cards in
the United States alone.
Google reportedly filed the suit under the Racketeer Influenced
and Corrupt Organizations (RICO) Act, the Lanham Act, and the Computer Fraud
and Abuse Act (CFAA). Internal and external investigations revealed that
around 2,500 members coordinated on public Telegram channels to develop and
maintain the Lighthouse software.
Read more: UK Court Hands Nearly 12-Year Sentence in Massive £5B Bitcoin Case: Report
The operation included separate “data
broker,” “spammer,” and “theft” groups responsible for sourcing victims,
sending fake texts, and monetizing stolen data. Google identified over 100 fraudulent website
templates using its branding alone, highlighting the scale of impersonation.
Financial Institutions Fight Scams Globally
In the US, financial institutions are facing a surge in fraud driven by artificial intelligence, according to a recent report by identity
verification firm Veriff. The company found that one in every 20 ID
verification attempts in financial services is now fraudulent, signaling a
sharp rise in online identity scams. Veriff’s “Future of Finance” report shows
that identity fraud in the financial sector has increased by 21% over the past
year.
The impact is being felt across the board. Over a
third of U.S. consumers surveyed said they suffered financial losses that could
not be recovered. At the same time, one in three fraud professionals reported
that their organizations lost between 3% and 5% of annual revenue to fraud – an
unsustainable cost burden that Veriff describes as a “fraud tax” on the
industry.
A similar trend is witnessed globally. Central Bank of
Cyprus’ recent report showed increasing cases of payment fraud. The bank outlined
how criminals target various types of non-cash transactions. The report found that card fraud was the most common
type, accounting for 94% of all fraudulent transactions by volume.
Google has filed a lawsuit against a cybercrime group
accused of running a global text message phishing network that targeted
millions of users by impersonating well-known brands.
The company said the defendants, largely based in
China, used a phishing-as-a-service tool called “Lighthouse” to send fraudulent
messages and steal sensitive financial data, CNBC reported.
Discover how neo-banks become wealthtech in London at the fmls25
The defendants, described by researchers as the
“Smishing Triad,” allegedly used a phishing
Phishing
Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than techno
Phishing is a form of cyber-attack in which fake websites, emails, and text messages are used to elicit personal data. The most common targets in this assault are passwords, private cryptocurrency keys, and credit card details.Phishers disguise themselves as reputable businesses and other types of entities. In certain instances, reputable government organizations or authorities are impersonated in order to collect this data.Because phishing relies on psychological manipulation rather than techno
Read this Term-as-a-service kit called Lighthouse
to deploy fraudulent text messages impersonating trusted organizations,
including E-ZPass, the U.S. Postal Service, and even Google itself. Victims were lured to fake websites mimicking brand
login pages, where their financial and personal information was stolen.
The “Lighthouse” Operation
According to Google’s general counsel Halimah DeLaine
Prado, the group “preyed on users’ trust in reputable brands,” leveraging
realistic website templates to harvest credentials. Investigators estimate that
the syndicate has stolen between 12.7 million and 115 million credit cards in
the United States alone.
Google reportedly filed the suit under the Racketeer Influenced
and Corrupt Organizations (RICO) Act, the Lanham Act, and the Computer Fraud
and Abuse Act (CFAA). Internal and external investigations revealed that
around 2,500 members coordinated on public Telegram channels to develop and
maintain the Lighthouse software.
Read more: UK Court Hands Nearly 12-Year Sentence in Massive £5B Bitcoin Case: Report
The operation included separate “data
broker,” “spammer,” and “theft” groups responsible for sourcing victims,
sending fake texts, and monetizing stolen data. Google identified over 100 fraudulent website
templates using its branding alone, highlighting the scale of impersonation.
Financial Institutions Fight Scams Globally
In the US, financial institutions are facing a surge in fraud driven by artificial intelligence, according to a recent report by identity
verification firm Veriff. The company found that one in every 20 ID
verification attempts in financial services is now fraudulent, signaling a
sharp rise in online identity scams. Veriff’s “Future of Finance” report shows
that identity fraud in the financial sector has increased by 21% over the past
year.
The impact is being felt across the board. Over a
third of U.S. consumers surveyed said they suffered financial losses that could
not be recovered. At the same time, one in three fraud professionals reported
that their organizations lost between 3% and 5% of annual revenue to fraud – an
unsustainable cost burden that Veriff describes as a “fraud tax” on the
industry.
A similar trend is witnessed globally. Central Bank of
Cyprus’ recent report showed increasing cases of payment fraud. The bank outlined
how criminals target various types of non-cash transactions. The report found that card fraud was the most common
type, accounting for 94% of all fraudulent transactions by volume.
