- Google sues Lighthouse Enterprise for running global phishing fraud-as-a-service operation
- The kit enabled 200,000 fake sites in 20 days, targeting more than a million victims worldwide.
- Lighthouse misused Google assets and may have compromised up to 115 million US credit cards
Google is suing “Lighthouse Enterprise,” a major Chinese global fraud operation that facilitated the theft of millions of credit cards and hundreds of millions of dollars.
In a federal lawsuit recently filed in the Southern District of New York, Google revealed plans to sue a group of foreign criminals for running a massive phishing-as-a-service (PhaaS) operation.
According to the complaint, the group created and sold a phishing kit called Lighthouse, which allowed even novice criminals to create fake websites that imitated trusted institutions. The kit, advertised via Telegram and YouTube, offered hundreds of pre-designed templates and tools to launch large-scale e-commerce and smishing scams, and allowed users to create fake websites that impersonated government agencies, financial corporations, and, among others, Google.
Unknown number of “Ago”
Google alleges that in a span of 20 days, the Lighthouse platform was used to create 200,000 fake websites, targeting more than one million victims in 121 countries.
Citing researchers, Google estimates that between 12.7 million and 115 million credit cards in the US alone may have been compromised through attacks powered by Lighthouse.
The exact number of people running the operation is unknown. In the lawsuit, the people are labeled as “Doe” 1-25, although Google acknowledged that the actual number of people is likely much higher.
In some cases, criminals would create fake USPS package delivery texts or alert victims to pending toll payments. They sometimes created counterfeit online stores that stole users’ payment details, and often used stolen information to load victims’ credit cards into digital wallets to make unauthorized payments.
Google claims that Lighthouse operators misused Google logos and trademarks, ran ads through Google Ads, and even uploaded tutorials to YouTube showing how to carry out the scams.
The hackers damaged Google’s reputation, violated its terms of service and forced it to spend hundreds of hours investigating and closing fraudulent accounts, the company concluded.
This is not the first time Google has sued Chinese citizens for cybercrimes, but more often than not the lawsuits fail as China rarely extradites its citizens to the United States, especially when it comes to cybercrimes.
Through The Registry
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
