Google has filed a lawsuit against a cybercrime group
accused of running a global text message phishing network that targeted
millions of users by impersonating well-known brands.
The company said the defendants, largely based in
China, used a phishing-as-a-service tool called “Lighthouse” to send fraudulent
messages and steal sensitive financial data, CNBC reported.
Discover how neo-banks become wealthtech in London at the fmls25
The defendants, described by researchers as the
“Smishing Triad,” allegedly used a phishing-as-a-service kit called Lighthouse
to deploy fraudulent text messages impersonating trusted organizations,
including E-ZPass, the U.S. Postal Service, and even Google itself. Victims were lured to fake websites mimicking brand
login pages, where their financial and personal information was stolen.
The “Lighthouse” Operation
According to Google’s general counsel Halimah DeLaine
Prado, the group “preyed on users’ trust in reputable brands,” leveraging
realistic website templates to harvest credentials. Investigators estimate that
the syndicate has stolen between 12.7 million and 115 million credit cards in
the United States alone.
Google filed the suit under the Racketeer Influenced
and Corrupt Organizations (RICO) Act, the Lanham Act, and the Computer Fraud
and Abuse Act (CFAA). The company seeks to dismantle both the Lighthouse
platform and the broader criminal network behind it.
Internal and external investigations revealed that
around 2,500 members coordinated on public Telegram channels to develop and
maintain the Lighthouse software.
The operation reportedly included separate “data
broker,” “spammer,” and “theft” groups responsible for sourcing victims,
sending fake texts, and monetizing stolen data. Google identified over 100 fraudulent website
templates using its branding alone, highlighting the scale of impersonation.
Financial Institutions Fight Scams Globally
In the US, financial institutions are facing a surge in fraud
driven by artificial intelligence, according to a recent report by identity
verification firm Veriff. The company found that one in every 20 ID
verification attempts in financial services is now fraudulent, signaling a
sharp rise in online identity scams. Veriff’s “Future of Finance” report shows
that identity fraud in the financial sector has increased by 21% over the past
year.
The impact is being felt across the board. Over a
third of U.S. consumers surveyed said they suffered financial losses that could
not be recovered. At the same time, one in three fraud professionals reported
that their organizations lost between 3% and 5% of annual revenue to fraud—an
unsustainable cost burden that Veriff describes as a “fraud tax” on the
industry.
A similar trend is witnessed globally. Central Bank of
Cyprus’ recent report showed increasing cases of payment fraud. The bank outlined
how criminals target various types of non-cash transactions. The report found that card fraud was the most common
type, accounting for 94% of all fraudulent transactions by volume.
However, in terms of value, the greatest losses were
linked to credit transfers, which represented 60% of all fraudulent activity.
Card payments followed, making up 39% of the total fraud value.
This article was written by Jared Kirui at www.financemagnates.com.
Source link
