Google has launched a major legal offensive against what it describes as one of the most aggressive phishing operations it has ever encountered. In a new lawsuit, the company accuses a China-based cybercrime group of running Lighthouse, a vast phishing-as-a-service business that has armed scammers worldwide with turnkey tools to steal passwords, credit card details, and other sensitive information.
According to Google’s complaint, Lighthouse sells ready-made phishing kits to criminals through Telegram, offering weekly, monthly, annual, and lifetime subscriptions. These kits come with fake website templates, domain registration tools, and payment modules designed to mimic legitimate services. The operation reportedly marketed itself on YouTube before Google took down the associated accounts. Google says the kits are designed to help even inexperienced scammers run large-scale fraud campaigns with minimal effort.
How does the scam unfold?

The scams frequently begin with fake text messages claiming an overdue toll charge, a pending delivery fee, or a limited-time retail offer. Victims are redirected to counterfeit websites dressed up to resemble official portals from government agencies, retailers, logistics companies, or major tech brands. Google says more than 100 Lighthouse templates use Google logos from services such as Gmail, YouTube, Google Pay, or Google Play to gain the victim’s trust.
Google argues that Lighthouse has defrauded over a million people across 121 countries, citing an estimate from the US Department of Homeland Security that pegs global losses at more than $1 billion. The lawsuit highlights that Americans are hit particularly hard, with between 12.7 million and 115 million credit cards potentially compromised from mid-2023 to late-2024. Stolen cards are commonly loaded into Google Wallet for tap-to-pay purchases, used for gift card fraud, or exploited in brokerage account scams.
The complaint also details the group’s tactics for avoiding detection. Lighthouse allegedly monitors Google’s transparency reporting every 15 minutes to check whether domains have been flagged as malicious. Once detection is imminent, operators simply register fresh domains and continue the scam. Some phishing kits even include fake multi-factor authentication pages designed to capture security codes in real time.
Google describes Lighthouse as a collaborative criminal ecosystem, with participants trading stolen data, selling software, and recruiting partners through Telegram and other messaging apps. One channel reportedly hosts more than 2,500 members and openly advertises fraud-related services.
The company says this marks the first time a private firm has taken direct legal action to shut down a phishing-as-a-service operation of this scale.