Tweet
In a bold move to crack down on global cyber fraud, Google has filed a landmark lawsuit against a China-based cybercriminal network, alleging it conducted a sweeping campaign of fraudulent text-message phishing — or “smishing” — that targeted millions worldwide. The criminal outfit, known as Lighthouse, reportedly used a phishing-as-a-service kit to impersonate trusted companies and institutions, tricking unsuspecting people into divulging sensitive information.
The Smishing Attack: How Lighthouse Worked
According to the complaint filed on November 12, 2025, Lighthouse operated a subscription-based platform that supplied would-be scammers with ready-made templates for fake text messages and fully designed phishing websites. These templates mimicked trusted entities such as the USPS, toll-collection services like E‑ZP***, and even Google’s own brands.
The process was straightforward — but deeply insidious: victims would receive a convincing SMS alert claiming they had a stuck delivery, an unpaid toll, or a package pending delivery. A single click led them to a counterfeit website that appeared legitimate, prompting them to enter payment credentials, credit-card details, or login information. Once submitted, the data was captured in real time by the scammers behind Lighthouse. In just 20 days, the group allegedly spun up nearly 200,000 fraudulent websites, targeting users across more than 120 countries.
A Global Impact: Millions of Cards, Over a Million Victims
The scope of the alleged operation is staggering. According to court filings, Lighthouse may have compromised between 12.7 million and 115 million U.S. credit or debit cards — numbers that indicate just how far-reaching the scam was. Furthermore, Google estimates that the operation affected over one million victims worldwide, resulting in financial losses in the billions of dollars.
Legal Action: Breaking Up the Operation
In its lawsuit — filed in the U.S. District Court for the Southern District of New York under the name Google v. Does 1–25 — Google accuses 25 unnamed individuals behind Lighthouse of racketeering, trademark infringement, and computer-fraud violations. The tech giant is seeking a court order to dismantle the infrastructure supporting the operation, prompting hosting providers and digital platforms to block fake domains, shut down phishing kit resources, and cut off support services used by scammers. Google’s general counsel emphasised that the goal isn’t just restitution, but deterrence — to prevent future misuse of its brand and resources.
Why This Lawsuit Matters
The Smishing Attack: How Lighthouse Worked
According to the complaint filed on November 12, 2025, Lighthouse operated a subscription-based platform that supplied would-be scammers with ready-made templates for fake text messages and fully designed phishing websites. These templates mimicked trusted entities such as the USPS, toll-collection services like E‑ZP***, and even Google’s own brands.
The process was straightforward — but deeply insidious: victims would receive a convincing SMS alert claiming they had a stuck delivery, an unpaid toll, or a package pending delivery. A single click led them to a counterfeit website that appeared legitimate, prompting them to enter payment credentials, credit-card details, or login information. Once submitted, the data was captured in real time by the scammers behind Lighthouse. In just 20 days, the group allegedly spun up nearly 200,000 fraudulent websites, targeting users across more than 120 countries.
A Global Impact: Millions of Cards, Over a Million Victims
The scope of the alleged operation is staggering. According to court filings, Lighthouse may have compromised between 12.7 million and 115 million U.S. credit or debit cards — numbers that indicate just how far-reaching the scam was. Furthermore, Google estimates that the operation affected over one million victims worldwide, resulting in financial losses in the billions of dollars.
Legal Action: Breaking Up the Operation
In its lawsuit — filed in the U.S. District Court for the Southern District of New York under the name Google v. Does 1–25 — Google accuses 25 unnamed individuals behind Lighthouse of racketeering, trademark infringement, and computer-fraud violations. The tech giant is seeking a court order to dismantle the infrastructure supporting the operation, prompting hosting providers and digital platforms to block fake domains, shut down phishing kit resources, and cut off support services used by scammers. Google’s general counsel emphasised that the goal isn’t just restitution, but deterrence — to prevent future misuse of its brand and resources.
Why This Lawsuit Matters
- Precedent-setting action: This is among the first times a major tech company has used U.S. racketeering law (the Racketeer Influenced and Corrupt Organisations Act — RICO) against a global cyber-fraud syndicate.
- Disrupting infrastructure over individuals: Because many perpetrators remain anonymous and outside U.S. jurisdiction, targeting the underlying infrastructure — websites, domains, hosting providers — may be more effective than chasing individual actors.
- Raising awareness: By publicising the scale and mechanics of smishing, the lawsuit serves as a warning to users worldwide — not every unexpected message is innocent.