Overview
- Google filed a civil suit in the Southern District of New York against 25 unnamed defendants tied to the Lighthouse platform under RICO, the Lanham Act and the Computer Fraud and Abuse Act, seeking injunctions, damages and orders to block related domains and IP addresses.
- The complaint cites campaigns that generated about 200,000 fraudulent websites in 20 days, targeted more than 1 million people across roughly 121 countries and potentially compromised 12.7 million to 115 million U.S. payment cards.
- Lighthouse markets a plug-and-play smishing kit via Telegram with more than 600 spoof templates, including over 100 that misuse Google branding, and it was used to launch 32,094 USPS phishing sites between July 2023 and October 2024.
- Google describes techniques such as real-time keystroke capture, fake verification pages to harvest MFA codes and automatic enrollment of stolen cards into mobile wallets to speed fraud.
- Alongside the suit, Google is endorsing the GUARD Act, the Foreign Robocall Elimination Act and the SCAM Act to strengthen U.S. efforts against foreign-run scam operations.