Google sues Chinese phishing-as-a-service network behind all those scammy texts

Published: 12 November 2025
Last updated: 13 November 2025
google-lighthouse
Image by Cybernews.

If you’re American, there’s a high chance you’ve received a weird text alerting you to an unpaid toll or failed delivery. Most of the time, these are sent by cybercriminals. Now, Google is attempting to dismantle one of these so-called phishing-as-a-service networks, which is allegedly based in China.

Millions of scam text messages have been sent over the past few years, and fraudsters have generated hundreds of millions of dollars from them.

Now, Google, one of the tech giants, is taking action and suing alleged members of an illegal enterprise called “Lighthouse.” The group is part of the infamous scam collective called the "Smishing Triad."

ADVERTISEMENT

In a new complaint filed Wednesday in the US Southern District of New York, Google says that 25 unnamed individuals have operated as part of the “Lighthouse” scam network and targeted millions of Americans with texts in a “staggering” operation.

Massive smishing operation

The smishing group is operating from China, Google alleges, and makes a “phishing for dummies” kit for cybercrooks, enabling them to execute large-scale campaigns.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

The scam is straightforward: criminals send a text message, prompting recipients to click a link and share sensitive information, including email credentials, banking details, and more.

“Lighthouse” plays a crucial part here, Google claims, because it charges cybercriminals a monthly licensing fee to provide SMS or e-commerce software with hundreds of templates for websites cloning financial institutions or government-affiliated organizations.

This, of course, tricks quite a few recipients of the texts into entering sensitive details.

The operation is massive. In just 20 days, Google says, Lighthouse was used to create 200,000 fraudulent websites that attracted over a million potential victims.

ADVERTISEMENT

A report from April stated that there has been a 604% surge in scam texts purporting to be “toll fees” this year.

The company also estimates that between 12.7 million and 115 million credit cards in the US were compromised by the scam.

Google is worried because “Lighthouse” also “preys on the public trust” in the company by using its logos on scammy websites and abusing its systems and technology.

“We found at least 107 website templates featuring Google's branding on sign-in screens specifically designed to trick people into believing the sites are legitimate,” Halimah DeLaine Prado, general counsel at Google, wrote in a blog post.

What actually happens

Most are familiar with these types of text messages: you just can’t escape them. A report from April stated that there has been a 604% surge in scam texts purporting to be “toll fees” this year.

us-toll-fees
Image by Getty Images/Gary Hershorn.

Interestingly, though, Google’s lawsuit details what actually happens after someone clicks on fraudulent links.

A scammer would allegedly log into a “Lighthouse” account, using a login page that displays a Google logo that appears like a sign-in option, and use the dashboard to send out a text falsely alerting a potential victim that, for example, USPS requires a fee to complete their delivery.

The text would then link to a spoofed USPS page asking the user to enter their personal and payment details. The page tracks users’ keystrokes, according to the complaint, so the information is compromised even if the user has second thoughts before submitting.

ADVERTISEMENT

Those details then populate neatly on the “Lighthouse” dashboard. Similar scams spoof toll collection sites like E-ZPass, financial institutions, and retail sites.

Has my data been leaked?
Check Now

According to Google, the defendants are allegedly violating the Racketeer Influenced and Corrupt Organizations (RICO Act) and laws against fraud and trademark infringement.

Even though the lawsuit itself sounds pretty ambitious, it’s important to note that Google doesn’t actually know who the unnamed defendants are – just that they’re believed to be based in China.

The goal of the lawsuit is thus to have the court declare “Lighthouse” illegal, so that the group is also removed by other tech providers. Still, even such a move wouldn’t guarantee that “Lighthouse” would be dismantled.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT