- Google is suing Lighthouse Enterprise for running a global phishing-as-a-service scam operation
- The kit enabled 200,000 fake pages in 20 days, targeting over a million victims worldwide
- Lighthouse misused Google assets and may have compromised up to 115 million US credit cards
Google has sued “Lighthouse Enterprise” – a major Chinese global fraud operation that facilitated the theft of millions of credit cards and hundreds of millions of dollars.
In a federal lawsuit recently filed in the Southern District of New York, Google revealed plans to sue a group of foreign criminals for running a massive phishing-as-a-service (PhaaS) operation.
According to the complaint, the group created and sold a phishing kit called Lighthouse, which allowed even novices to build fake websites impersonating trusted institutions. The kit, advertised through Telegram and YouTube, offered hundreds of pre-made templates and tools to launch large-scale smishing and e-commerce scams, allowing users to create fake websites spoofing government agencies, financial firms and — among others — Google.
Unknown number of “Does”
Google claims that over the course of 20 days, the Lighthouse platform was used to create 200,000 fake websites that targeted more than a million victims in 121 countries.
Citing researchers, Google estimates that between 12.7 million and 115 million credit cards in the US alone may have been compromised through Lighthouse-powered attacks.
The exact number of people running the operation is unknown. In the lawsuit, the people are labeled as “Doe” 1-25, although Google acknowledged that the actual number of people is likely much larger.
In some cases, the crooks would create fake USPS package delivery labels or alert victims of pending toll payments. They sometimes built fake online stores that stole users’ payment data and often used the stolen information to load victims’ credit cards into digital wallets to make unauthorized payments.
Google alleges that Lighthouse operators misused Google logos and trademarks, ran ads through Google Ads, and even uploaded tutorials to YouTube showing how to carry out the scam.
The hackers damaged Google’s reputation, violated its terms of service and forced it to spend hundreds of hours investigating and shutting down fraudulent accounts, the company concluded.
This is not the first time that Google has sued Chinese nationals for cybercrime, but most of the time the lawsuits come to nothing as China rarely extradites its citizens to the US, especially when it comes to cybercrime.
Via The register
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
