Google has filed a lawsuit against a cybercrime group accused of running a global text message phishing network that targeted millions of users by impersonating well-known brands.

The company said the defendants, largely based in China, used a phishing-as-a-service tool called “Lighthouse” to send fraudulent messages and steal sensitive financial data, CNBC reported.

Discover how neo-banks become wealthtech in London at the fmls25

The defendants, described by researchers as the “Smishing Triad,” allegedly used a phishing-as-a-service kit called Lighthouse to deploy fraudulent text messages impersonating trusted organizations, including E-ZPass, the U.S. Postal Service, and even Google itself. Victims were lured to fake websites mimicking brand login pages, where their financial and personal information was stolen.

The “Lighthouse” Operation

According to Google’s general counsel Halimah DeLaine Prado, the group “preyed on users’ trust in reputable brands,” leveraging realistic website templates to harvest credentials. Investigators estimate that the syndicate has stolen between 12.7 million and 115 million credit cards in the United States alone.

[#highlighted-links#]

Google filed the suit under the Racketeer Influenced and Corrupt Organizations (RICO) Act, the Lanham Act, and the Computer Fraud and Abuse Act (CFAA). The company seeks to dismantle both the Lighthouse platform and the broader criminal network behind it.

Internal and external investigations revealed that around 2,500 members coordinated on public Telegram channels to develop and maintain the Lighthouse software.

The operation reportedly included separate “data broker,” “spammer,” and “theft” groups responsible for sourcing victims, sending fake texts, and monetizing stolen data. Google identified over 100 fraudulent website templates using its branding alone, highlighting the scale of impersonation.

Beyond the courtroom, Google is backing a trio of bipartisan U.S. bills aimed at curbing digital fraud. These include the GUARD Act, the Foreign Robocall Elimination Act, and the Scam Compound Accountability and Mobilization Act. Together, the measures target illegal robocalls, scam operations, and human trafficking links within fraud networks.

Expect ongoing updates as this story evolves.

Source: Finance Magnates