Google files lawsuit to disrupt massive ‘Lighthouse’ smishing scheme

Google filed a lawsuit on Wednesday in the Southern District of New York to disrupt a Chinese cybercriminal organization behind a pervasive phishing-as-a-service operation that has targeted millions of people around the world. 

According to the tech giant, the accused criminals developed the “Lighthouse” phishing kit, which provides custom tools to scammers to deploy “smishing” — or SMS phishing — attacks and to build fraudulent websites designed to steal victims’ credit card information. 

Lighthouse is connected to the ubiquitous SMS scams claiming, for example, that a package from the U.S. Postal Service is stuck in transit, or that a toll fee has not been paid. The kit’s operators are connected to the loosely-knit group of cybercriminals security researchers have dubbed “Smishing Triad.”

The operators allegedly sell Lighthouse kits for a monthly fee that includes website templates designed to mimic institutions. Over the course of a 20-day period, the lawsuit says, the software was used to create about 200,000 fake websites. The company alleges that between 12.7 million and 115 million credit cards in the U.S. have been compromised through the Lighthouse kits. More than 100 website templates were found to use Google branding on their sign-in pages.

Google said it does not know the names of the 25 defendants allegedly connected to the scheme. The company is seeking an injunction “to disrupt the criminal enterprise behind this scheme and stop its spread.” 

In a blog post announcing the lawsuit, the company said it is endorsing three pieces of legislation that have been introduced in the U.S. Congress to address scams launched from abroad, including the Scam Compound Accountability and Mobilization (SCAM) Act, which calls for a national strategy to counter transnational criminal groups carrying out sophisticated scam operations out of Southeast Asia.  

“We encourage Congress to enact these crucial bills and help bring a decisive end to the financial harm and damage wrought by foreign cybercriminals,” they said.