Google has launched a major lawsuit to dismantle a massive China-based cybercrime operation called Lighthouse, which it says has scammed millions of Americans using phishing kits that misuse Google’s name and logo.
Key Takeaways
- Google sues China-based Lighthouse phishing network affecting millions globally
- Scammers use fake Google branding to steal financial data and credit cards
- Americans disproportionately targeted with up to 115 million cards compromised
- Operation sells phishing kits via Telegram with subscription plans
Massive Phishing Operation Exposed
Google has filed a landmark lawsuit against what it describes as a vast China-based cybercriminal enterprise called Lighthouse. The operation sells ready-made “phishing for dummies” kits that enable scammers with minimal technical skills to launch large-scale fraud campaigns.
The Lighthouse network provides subscription-based phishing software with hundreds of fake website templates, domain setup tools, and payment features designed to mimic legitimate platforms. These kits are marketed through Telegram channels and were previously promoted on YouTube before Google suspended the accounts.
“These kits allow bad actors to easily execute phishing attacks, tricking people into disclosing passwords, credit card numbers, or other sensitive data by impersonating trusted brands or institutions,” Google said in its filing.
How the Scams Work
The operation begins with fake text messages claiming toll fees or package delivery payments are overdue. Victims are directed to counterfeit websites designed to look like legitimate portals, often branded with Google service logos like Gmail, YouTube, or Google Pay.
Google estimates the Lighthouse network has defrauded over one million people across 121 countries, with global losses exceeding $1 billion according to Department of Homeland Security estimates.
Exploiting Google’s Own Systems
Scammers cleverly use Google’s transparency reporting against the company, automatically querying transparencyreport.google.com every 15 minutes to check if their phishing domains have been flagged. This gives them time to switch domains and avoid detection.
Google expressed particular concern that Lighthouse templates abuse Google trademarks, with at least 116 templates featuring Google, YouTube, Gmail, or Google Play logos on sign-in screens to dupe users.
Americans Bear the Brunt
The scam disproportionately targets Americans, exploiting trusted brands like USPS and E-ZPass. Between July 2023 and October 2024, between 12.7 million and 115 million credit cards may have been compromised in the U.S. alone.
Stolen cards are often loaded into Google Wallet and used via tap-to-pay systems to purchase gift cards or transfer funds directly to scammers. Some criminals also exploit stolen brokerage accounts for “pump-and-dump” stock manipulation schemes.
Sophisticated Evasion Techniques
The operation uses advanced methods to evade detection, including fake multi-factor authentication pages that trick users into entering security codes. Attackers then use these codes to complete fraudulent transactions in real time.
Telegram-Based Criminal Network
Google describes Lighthouse as a “phishing-as-a-service” network run by anonymous actors collaborating via Telegram. They sell software, stolen data, and even offer partnership opportunities for new scams. One channel allegedly has over 2,500 members.
The lawsuit accuses Lighthouse of wire fraud, trademark infringement, racketeering, and Computer Fraud and Abuse Act violations. Google seeks an injunction to halt the scheme, recover damages, and protect users from further harm.
“The Lighthouse enterprise preys on public trust in Google,” the company said. “This historic lawsuit marks the first time a private company has taken direct action to stop these scams and dismantle this criminal network.”
