Google goes after China-based scammers in first-ever RICO suit
Google filed a first-of-its-kind civil racketeering (RICO) lawsuit in federal court against 25 unnamed defendants, alleging they are part of “Lighthouse,” a China-based phishing-as-a-service network that has blasted scam texts worldwide and spoofed Google brands. The complaint alleges that Lighthouse facilitated large-scale smishing, which impersonated shippers, toll agencies and government sites to harvest victims’ credentials and payment data.
The alleged operation reflects a broader, billion-dollar smishing economy tied to Chinese criminal groups that the Department of Homeland Security has been tracking, The Wall Street Journal reported.
What the lawsuit alleges
The lawsuit alleges that the Lighthouse network offered over 600 phishing templates to spoof more than 400 organizations, including 116 that used Google’s branding. The platform, which blasted messages via SMS, RCS and iMessage, allegedly created 200,000 fraudulent websites in just 20 days.
Google’s general counsel, Halimah DeLaine Prado, told CBS News that the operation impacted “over a million victims.” Separately, external research cited in the legal filing estimates the network compromised between 12.7 million and 115 million U.S. credit cards, according to Wired.
Google says it’s bringing claims under the RICO Act, the Lanham Act and the CFAA, and is seeking injunctions to dismantle Lighthouse’s infrastructure, according to Fox Business.
Prado told CBS News that the lawsuit is intended as a “deterrent for future criminals.” She also noted that a court order would help Google request that other platforms remove the group’s infrastructure, enabling cross-platform takedowns.
How the scams allegedly worked
The scams are part of a broader operation. Researchers cited by The Wall Street Journal say Chinese networks use “SIM farms” to send mass texts. They then use stolen card data and one-time passcodes to install the cards into Apple and Google Wallets abroad. These wallets are shared with intermediaries in the U.S. for tap-to-pay purchases.
In the Lighthouse scheme, victims click on links for “unpaid tolls” or “stuck packages.” Their keystrokes are captured on the fake sites in real time, which feeds the data directly to the fraudster’s dashboard.
What’s next?
Google is backing federal legislation, such as the GUARD Act, the Foreign Robocall Elimination Act and the SCAM Act, to address these schemes. Experts warn that the fraudsters’ tools evolve quickly and that the groups will likely adapt.
“From the courtroom to the Capitol,” Prado said, “we are taking action to stop these attacks. But this is a shared fight. While we take on criminal networks and advocate for stronger laws, we are also building smarter, AI-driven tools to help you spot and avoid these scams.”
If the court grants Google’s requests, the orders could help dismantle Lighthouse components across various services.
How to protect yourself
Google says new safeguards can help you avoid smishing and recover faster if an account is compromised. In Google Messages, safer links will warn before you open suspected spam links, and Key Verifier lets you confirm a trusted contact by scanning a QR code to prevent impostors.
You can add a recovery contact so someone you trust can help verify it’s you. And on a new Android phone, you can sign in with your mobile number and your old device’s screen lock — no password needed. Google also points users to education efforts, like its “Be Scam Ready” game and partnerships focused on seniors and youth scam awareness.
The post Google goes after China-based scammers in first-ever RICO suit appeared first on Straight Arrow News.
Ella Rae Greene, Editor In Chief
