Google has filed a lawsuit against a cybercrime group accused of running a global text message phishing network that targeted millions of users by impersonating well-known brands.
The company said the defendants, largely based in China, used a phishing-as-a-service tool called “Lighthouse” to send fraudulent messages and steal sensitive financial data, CNBC reported.
Discover how neo-banks become wealthtech in London at the fmls25
The defendants, described by researchers as the “Smishing Triad,” allegedly used a phishing -as-a-service kit called Lighthouse to deploy fraudulent text messages impersonating trusted organizations, including E-ZPass, the U.S. Postal Service, and even Google itself. Victims were lured to fake websites mimicking brand login pages, where their financial and personal information was stolen.
The “Lighthouse” Operation
According to Google’s general counsel Halimah DeLaine Prado, the group “preyed on users’ trust in reputable brands,” leveraging realistic website templates to harvest credentials. Investigators estimate that the syndicate has stolen between 12.7 million and 115 million credit cards in the United States alone.
- Google Embeds Stablecoin Payments into AI Apps in Coinbase Partnership
- Why Is Google Stock Up Today? AI Hiring Fuels Optimism Despite Technical Resistance
- Google Makes Record $32B Bet on Cybersecurity With Wiz Acquisition
Google reportedly filed the suit under the Racketeer Influenced and Corrupt Organizations (RICO) Act, the Lanham Act, and the Computer Fraud and Abuse Act (CFAA). Internal and external investigations revealed that around 2,500 members coordinated on public Telegram channels to develop and maintain the Lighthouse software.
Read more: UK Court Hands Nearly 12-Year Sentence in Massive £5B Bitcoin Case: Report
The operation included separate “data broker,” “spammer,” and “theft” groups responsible for sourcing victims, sending fake texts, and monetizing stolen data. Google identified over 100 fraudulent website templates using its branding alone, highlighting the scale of impersonation.
Financial Institutions Fight Scams Globally
In the US, financial institutions are facing a surge in fraud driven by artificial intelligence, according to a recent report by identity verification firm Veriff. The company found that one in every 20 ID verification attempts in financial services is now fraudulent, signaling a sharp rise in online identity scams. Veriff’s “Future of Finance” report shows that identity fraud in the financial sector has increased by 21% over the past year.
The impact is being felt across the board. Over a third of U.S. consumers surveyed said they suffered financial losses that could not be recovered. At the same time, one in three fraud professionals reported that their organizations lost between 3% and 5% of annual revenue to fraud – an unsustainable cost burden that Veriff describes as a “fraud tax” on the industry.
A similar trend is witnessed globally. Central Bank of Cyprus’ recent report showed increasing cases of payment fraud. The bank outlined how criminals target various types of non-cash transactions. The report found that card fraud was the most common type, accounting for 94% of all fraudulent transactions by volume.
