Google is suing to stop phishing attacks that target millions globally, including campaigns that fake toll notices, offer bogus e-commerce deals, and impersonate financial institutions.
In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of selling “phishing for dummies” kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of unsuspecting people into “disclosing sensitive information like passwords, credit card numbers, or banking information, often by impersonating well-known brands, government agencies, or even people the victim knows.”
These branded “Lighthouse” kits offer two versions of software, depending on whether bad actors want to launch SMS and e-commerce scams. “Members may subscribe to weekly, monthly, seasonal, annual, or permanent licenses,” Google alleged. Kits include “hundreds of templates for fake websites, domain set-up tools for those fake websites, and other features designed to dupe victims into believing they are entering sensitive information on a legitimate website.”
Google’s filing said the scams often begin with a text claiming that a toll fee is overdue or a small fee must be paid to redeliver a package. Other times they appear as ads—sometimes even Google ads, until Google detected and suspended accounts—luring victims by mimicking popular brands. Anyone who clicks will be redirected to a website to input sensitive information; the sites often claim to accept payments from trusted wallets like Google Pay.
From there, a vast criminal network operating through YouTube and Telegram channels works to gather the information, with each scammer playing a specific role in a wide-reaching scheme that Google noted has tricked more than a million people in 121 countries so far. Draining wallets and sometimes even bank accounts, the Lighthouse schemes have resulted in losses of “over a billion dollars,” a Google press release said, citing a Department of Homeland Security estimate.
Google is seeking an injunction to end the scams, noting that Google customers are among “millions of innocent victims,” as is Google, which dedicates “substantial” resources to detecting phishing. The tech company is also upset that Lighthouse website templates abuse the Google trademark to dupe users into thinking that it’s safe to enter credentials, noting that “at least 116 templates feature a Google logo (YouTube, Gmail, Google, or Google Play) on the sign-in screen.”