- Google sues Lighthouse Enterprise for running global phishing-as-a-service fraud operation
- The kit made it possible to create 200,000 fake sites in 20 days, targeting more than a million victims worldwide.
- Lighthouse misused Google assets and may have compromised up to 115 million US credit cards
Google has sued “Lighthouse Enterprise,” a massive Chinese global fraud operation that facilitated the theft of millions of credit cards and hundreds of millions of dollars.
In a federal lawsuit recently filed in the Southern District of New York, Google revealed plans to sue a group of foreign criminals for running a massive phishing-as-a-service (PhaaS) operation.
According to the complaint, the group created and sold a phishing kit called Lighthouse, which allowed even novice criminals to create fake websites imitating trusted institutions. The kit, advertised on Telegram and YouTube, offered hundreds of pre-built templates and tools for running large-scale smishing and e-commerce scams, and allowed users to create fake websites impersonating government agencies, financial companies and – among others – Google.
Unknown number of “dones”
Google claims that in 20 days, the Lighthouse platform was used to create 200,000 fake websites, targeting more than 1 million victims in 121 countries.
Citing researchers, Google estimates that between 12.7 million and 115 million credit cards in the United States alone may have been compromised by attacks carried out by Lighthouse.
The exact number of people running the operation is unknown. In the lawsuit, the individuals are labeled as “Doe” 1-25, although Google has acknowledged that the actual number of people is likely much larger.
In some cases, the scammers created fake USPS package delivery texts or alerted victims of pending toll payments. Sometimes, they created counterfeit online stores that stole users’ payment data and often used the stolen information to load victims’ credit cards into digital wallets to make unauthorized payments.
Google claims that Lighthouse operators misused Google logos and trademarks, served ads through Google Ads, and even uploaded tutorials to YouTube showing how to carry out these scams.
The hackers damaged Google’s reputation, violated its terms of service and forced it to spend hundreds of hours investigating and closing fraudulent accounts, the company concluded.
This is not the first time Google has sued Chinese nationals for cybercrime, but most of the time the prosecutions are unsuccessful because China rarely extradites its citizens to the United States, especially when it comes to cybercrime.
Via The register
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
