Google has filed a civil lawsuit in the US District Court for the Southern District of New York against 25 unnamed defendants linked to a massive international phishing operation. The tech giant alleges the group operates Lighthouse, a phishing-as-a-service platform responsible for victimizing over one million people across 120 countries.
Estimates indicate the financial harm from this operation exceeds $1 billion. Between 15 million and 100 million US credit cards may have been compromised through these campaigns.
Lighthouse functions as an infrastructure provider rather than a direct scammer. The platform supplies templates and tools enabling criminals to launch sophisticated SMS phishing attacks impersonating trusted entities like the IRS and US Postal Service. These messages redirect victims to fraudulent sites designed to harvest sensitive financial data.
In a pioneering legal strategy, Google is invoking the Racketeer Influenced and Corrupt Organizations Act. Originally crafted to dismantle organized crime syndicates, RICO allows prosecutors to target the underlying enterprise structure of cybercriminal networks operating beyond traditional jurisdictional reach.
The company seeks injunctive relief and aims to unmask the anonymous operators. This litigation marks a strategic pivot from targeting individual bad actors to dismantling the foundational infrastructure facilitating global fraud. Concurrently, Google has endorsed bipartisan legislation in Congress to strengthen defenses against international scams.
While reports suggest artificial intelligence may play a role in crafting these messages, current court filings lack concrete evidence of AI involvement. Regardless of the technology used, Lighthouse has dramatically lowered barriers to entry for cybercriminals, resulting in millions of fraudulent messages reaching victims worldwide.