Google has filed a lawsuit against a group of Chinese hackers running a platform called “Lighthouse” that sells phishing services for a monthly fee. The group offers clients its services to launch massive phishing and smishing (SMS phishing) campaigns. Google says the bad actors typically send out emails or text messages that link to fake websites pretending to be legitimate pages of established brands like USPS and E-Z Pass, in order to trick people into keying in their log-ins and other sensitive details. The company found at least 107 sign-in screen templates with Google branding, designed to steal people’s log-in information.
In its announcement, Google said that one million people from 121 countries have fallen victim to the online scams that used Lighthouse and that the bad actors have already stolen $1 billion. In the US alone, they’ve gotten their hands on between 12.7 million and 115 million credit card numbers. The most popular scheme involves pretending to be the USPS and telling victims that they’d have to pay for the redelivery of a package stuck at the post office.
As The Financial Times reports, Google cited data from cybersecurity company Silent Push in its lawsuit as an example, stating that Chinese criminal group “Smishing Triad” used Lighthouse earlier this year to create 200,000 fake websites. Those websites apparently received 50,000 visits a day and compromised millions of US credit cards within a 20-day period. The company is bringing claims under the US Racketeer Influenced and Corrupt Organizations Act, the Lanham Act, and the Computer Fraud and Abuse Act. If the company wins, it would allow Google to work with carriers and website hosts to take down the operation’s domain and servers.
In addition to filing the lawsuit, Google is also backing bipartisan bills in Congress that take aim at foreign cybercriminals. One bill would enable state and local law enforcement to use federal grant funding to investigate financial fraud targeting retirees. Another aims to establish a task force to block foreign robocalls in the US. The last one targets scam compounds, or centers that serve as bases for scam operations, and intends to provide support to the survivors who were trafficked and forced to work for those centers.
This article originally appeared on Engadget at https://www.engadget.com/big-tech/google-sues-group-running-massive-sms-scam-operation-133000168.html?src=rss
