On Wednesday, tech giant Google went on the offensive, filing a lawsuit with the U.S. District Court in the Southern District of New York battling what it alleges is a huge criminal organization based in China called "Lighthouse" that provides software and support to online scammers.
The lawsuit alleges that the Lighthouse network runs a "Phishing-as-a-Service" operation, selling a software kit that offers hundreds of fake website templates to would-be scammers. Google's suit says nearly 200 of them have mimicked U.S.-based sites, including New York City's official website, the post office and the West Virginia DMV.
Halimah DeLaine Prado, Google's general counsel, said over 100 of the templates to make fake websites have included the company's logos in places where people were directed to sign in or make payments, creating the illusion of legitimacy. "We are a global company. This hits all of our users," she said. "We're concerned about the damage to user trust and not knowing what websites are safe."
The Lighthouse network has targeted victims in more than 120 countries, swindling millions of dollars from victims each year, the suit alleges. Screenshots included in the complaint show that the network apparently misused several other well-known logos, including those of payment, credit card and social media companies.
Google's suit appears aimed as much at setting a legal precedent as at seeking punishment — testing whether a 1970s racketeering law can be applied to a 21st-century digital crime.
DeLaine Prado declined to put a dollar figure on the damage to Google, saying it was "a bit immeasurable," but noted a stark example of what Google believes to be the reach of the organization. From July 2023 through October 2024, according to the complaint, the Lighthouse network created or used 32,094 distinct phishing websites that mimicked the U.S. Postal Service. DeLaine Prado estimated those sites would "compromise between 12.7 and 115 million credit cards in the U.S. alone."
Users can avoid text scams by not clicking links or replying to unknown messages. On an iPhone, users can turn on "Filter Unknown Senders" and "Filter Junk." On Android, enable Spam Protection and forward scam texts to 7726 (SPAM).
Note that those filters can also catch legitimate messages from numbers that are not in the phone's contact list, so be sure to check the unknown senders or spam folder once in a while.
DeLaine Prado declined to put a dollar figure on the damage to Google, saying it was "a bit immeasurable," but noted a stark example of what Google believes to be the reach of the organization. From July 2023 through October 2024, according to the complaint, the Lighthouse network created or used 32,094 distinct phishing websites that mimicked the U.S. Postal Service. DeLaine Prado estimated those sites would "compromise between 12.7 and 115 million credit cards in the U.S. alone."
Google doesn't know the actual identities of the people it's trying to sue. The suit refers to the defendants as "Does 1-25" — as in John or Jane Doe. Rather than names, the court filing contains only handles that some of those individuals have used on the encrypted messaging app Telegram to do business. But, they're in China, beyond the jurisdiction of U.S. courts.
The main goal isn't to bring any of these people to trial, DeLaine Prado said. "The goal is deterrence."
In filing the case, she said, Google is seeking a declaratory judgment from the court ruling that Lighthouse's activity is illegal.
"It allows us a legal basis on which to go to other platforms and services and ask for their assistance in taking down different components of this particular illegal infrastructure," she said, without naming which platforms or services Google might focus on.
"Even if we can't get to the individuals, the idea is to deter the overall infrastructure in some cases."
Google is also publicly endorsing three bipartisan bills being considered by Congress that are meant to help law enforcement agencies target scammers. The bills include the Guarding Unprotected Aging Retirees from Deception (GUARD) Act, which would allow local law enforcement to use grant funding to investigate financial fraud targeting retirees; the Foreign Robocall Elimination Act, which would establish a task force to block foreign robocalls; and the Scam Compound Accountability and Mobilization (SCAM) Act, which aims to develop a national strategy to counter "compounds" where people are trafficked to work in scam operations.
The main goal isn't to bring any of these people to trial, DeLaine Prado said. "The goal is deterrence."
In filing the case, she said, Google is seeking a declaratory judgment from the court ruling that Lighthouse's activity is illegal.
"It allows us a legal basis on which to go to other platforms and services and ask for their assistance in taking down different components of this particular illegal infrastructure," she said, without naming which platforms or services Google might focus on.
"Even if we can't get to the individuals, the idea is to deter the overall infrastructure in some cases."
Users can avoid text scams by not clicking links or replying to unknown messages. On an iPhone, users can turn on "Filter Unknown Senders" and "Filter Junk." On Android, enable Spam Protection and forward scam texts to 7726 (SPAM).
Note that those filters can also catch legitimate messages from numbers that are not in the phone's contact list, so be sure to check the unknown senders or spam folder once in a while.