Google Uncovers ‘Staggering’ Scam Text Operation Platform
▼ Summary
– Chinese cybercriminals have sent millions of scam text messages, impersonating organizations like USPS and toll-road firms, and allegedly made over a billion dollars from their schemes.
– Google is suing 25 unnamed individuals from the “Lighthouse” Chinese smishing group, which has targeted people in over 120 countries and millions of Americans with fraudulent texts.
– The Lighthouse group preys on public trust in Google by using its logos on fake websites and abusing its systems, while operating as part of an organized transnational crime network.
– Scam messages impersonate delivery firms, banks, or law enforcement and include links to fraudulent websites that steal personal and bank details in real time when victims enter information.
– The Lighthouse operation uses phishing-as-a-service software sold via subscriptions, offering phishing templates and tools to send messages via iMessage and RCS, with anti-evasion techniques to avoid detection.
A massive international text message scam operation has been uncovered by Google, revealing a sophisticated criminal enterprise that has targeted individuals across more than 120 countries. The tech giant has taken legal action against a group of 25 unnamed individuals allegedly operating the “Lighthouse” network, described in court documents as a “staggering” fraud scheme that has impacted millions of Americans through deceptive text messages.
This Chinese-based criminal operation has reportedly generated over a billion dollars in illicit profits through systematic text message scams that impersonate legitimate organizations like the United States Postal Service and toll road collection companies. The lawsuit, filed in the US Southern District of New York, represents one of the most significant legal challenges to these international fraud networks to date.
Google’s legal team contends the Lighthouse Enterprise, sometimes referred to as part of the “Smishing Triad,” has not only stolen information and money from victims worldwide but has also deliberately exploited public trust in Google’s brand. The scammers allegedly used Google logos on fraudulent websites while simultaneously abusing the company’s systems and technology. Halimah DeLaine Prado, Google’s general counsel, emphasized the transnational nature of these operations, noting that organized crime networks like Lighthouse have achieved enormous reach across global boundaries.
The Lighthouse group belongs to a broader ecosystem of Chinese-speaking smishing operations that have proliferated in recent years. These criminal networks deploy scam messages through multiple channels including traditional SMS, Google’s RCS service, and Apple’s iMessage platform. Each fraudulent message mimics legitimate organizations such as delivery services, financial institutions, or government agencies, containing links to counterfeit websites designed to harvest personal information.
At the core of this operation sits the Lighthouse software platform, which security experts describe as a phishing-as-a-service tool developed by technically sophisticated cybercriminals. This platform is then marketed through subscription models to less technically capable fraudsters who use it to distribute scam messages. According to Google’s legal filing, scammers can purchase access through weekly, monthly, seasonal, annual, or permanent subscription plans.
Security analysts who have monitored these operations note that the Lighthouse platform provides criminals with ready-made phishing templates, fake websites, and backend management tools capable of collecting usernames, passwords, and one-time authentication codes. The system supports large-scale message distribution through both iMessage and Google Messages’ RCS channels, going beyond traditional SMS capabilities. Halit Alptekin, chief intelligence officer at security firm Prodaft, explains that the platform employs sophisticated anti-detection measures including IP-based filtering, user-agent analysis, time-limited URLs, and domain rotation techniques designed to evade security systems.
(Source: Wired)
