Google Sues Alleged Cybercriminals Linked To U.S. Credit Card Thefts

Topline

Google filed a lawsuit Wednesday to dismantle Lighthouse, a China-based software service accused of phishing that allegedly enabled the creation of fraudulent USPS and E-ZPass messages targeting U.S. users and unlawfully used Google’s trademarks in schemes that defrauded victims of millions of dollars.

Key Facts

Google filed a lawsuit Wednesday in the Southern District of New York against 25 unidentified individuals and entities linked to the China-based software platform Lighthouse, accusing them of running a racketeering scheme that defrauded victims of millions of dollars and unlawfully used Google’s trademarks.

Google alleges the defendants created Lighthouse to serve as a subscription phishing kit that enabled large-scale scams through SMS and e-commerce channels.

Google says it found at least 107 fake sign-in templates replicating Google’s logo and interface to trick victims into entering personal information and financial data.

Google alleges attackers generated about 200,000 fraudulent domains, drawing over 1 million potential victims across 121 countries, all within a 20-day period.

The lawsuit notes that between July 2023 and October 2024, Lighthouse produced 32,094 fake U.S. Postal Service websites, leading to the theft of 12.7 million to 115 million U.S. credit cards.

Google’s complaint seeks damages and injunctions under the Racketeer Influenced and Corrupt Organizations Act (commonly known as RICO), the Lanham Act and the Computer Fraud and Abuse Act.

Key Background

Phishing has grown into one of the most common forms of digital crime, with an estimated 3.4 billion phishing emails sent every day, according to Google’s filing. The Lighthouse software lowered the technical barrier to entry by packaging ready-made templates primarily mimicking trusted institutions (e.g. government entities, financial institutions, and postal services), bulk messaging tools and built-in evasion features into a single subscription kit. Its developers, known online as Wang Duo Yu and CoSmile, issued nearly 90 updates this year and expanded the library to more than 600 templates, almost 200 of which targeted U.S. institutions. Google alleges the broader Lighthouse network functions like a business, with separate teams that develop the code, gather target lists, send mass messages, monetize stolen data and manage recruitment and support through Telegram and YouTube. In response, Google decided to endorse bipartisan bills such as the GUARD Act, Foreign Robocall Elimination Act and SCAM Act, to expand law enforcement powers against international fraud.

Source: https://www.forbes.com/sites/martinacastellanos/2025/11/12/google-sues-alleged-cybercriminals-linked-to-e-zpass-scams-and-theft-of-up-to-115-million-us-credit-cards/