Ethical Hacking News
Google has filed a lawsuit against 25 unnamed China-based scammers accused of stealing over 115 million credit card numbers in the US. The scammers used the Lighthouse phishing operation, which provided hundreds of fake website templates and other tools to dupe victims into visiting phony sites. Google claims that these scams have harmed its customers and the company itself through unauthorized use of trademarks and services. The lawsuit seeks to disrupt the Lighthouse scams, prevent future harm, and recover damages obtained from phishing operations. Extradition laws pose a challenge in prosecuting the scammers, but Google is working with US lawmakers on public policy to address foreign cybercrime threats.
Google has filed a lawsuit against 25 unnamed China-based scammers, alleging that they have stolen more than 115 million credit card numbers in the US as part of the Lighthouse phishing operation. The Lighthouse phishing software service is described in the lawsuit as a "phishing for dummies" kit, which provides criminals with hundreds of templates for fake websites, domain set-up tools for those phony sites, and other features designed to dupe victims into believing they are visiting a legitimate website.
According to Google, these scams include text messages alerting victims about an "unpaid toll violation," or a "stuck package" purporting to come from the US Postal Service. Over a 20-day period, criminals using Lighthouse created more than 200,000 fraudulent websites to target more than one million victims across 121 countries.
The Lighthouse phishing kit offers more than 600 phishing website templates mimicking real websites belonging to over 400 entities, with at least 116 of these templates featuring the logo of a Google product, such as YouTube, Gmail, or Google Play, on the sign-in screen. This is where Google's attorneys come into play, as the company claims that these phishing attacks have harmed Google's customers and the company itself through the unauthorized use of its trademarks and services.
Google's complaint, citing the Racketeer Influenced and Corrupt Organizations (RICO) Act, the Trademark Act of 1946, and the Computer Fraud and Abuse Act, seeks to disrupt the Lighthouse scams and prevent operators from causing future harm. It also seeks to recover damages that the criminals obtained from the phishing operations.
It is worth noting that the 25 "Does" in the lawsuit are very unlikely to end up in a US court – or to see their Lighthouse phishing kit shut down – as they are presumably in China. Beijing seldom allows extraditions to America or prosecutes Chinese scammers stealing money from foreign victims.
In July, Google filed a similar lawsuit against 25 unnamed individuals in China it accuses of breaking into more than 10 million devices worldwide, using those compromised devices to build a botnet (BadBox 2.0) they allegedly used to carry out other cybercrimes and fraud.
Despite the roadblocks posed by extradition laws, Google is working with US lawmakers on public policy that "can address the broader threat of scams." The company has endorsed three bipartisan bills aimed at preventing foreign cybercrime.
The first one, called the Guarding Unprotected Aging Retirees from Deception (GUARD) Act, would allow federal law enforcement to assist state and local cops with tracing tools for blockchain technology to help catch fraudsters who use cryptocurrency to facilitate their crimes. It would also allow grantees of existing federal programs to use funds to increase resources and personnel specifically to use the blockchain for investigating financial fraud.
Second, the Foreign Robocall Elimination Act would increase cooperation between the feds and the private sector and establish a taskforce focused on how best to block foreign-originated illegal robocalls before they reach Americans.
Finally, the Scam Compound Accountability and Mobilization Act would develop and implement a national strategy to counter scam compounds, allow the president to use International Emergency Economic Powers Act (IEEPA) sanctions against foreign persons who enable international scam compound operations, and support survivors of human trafficking.
As law enforcement agencies and policymakers work to address the complex threat posed by scams like Lighthouse, the importance of cooperation between governments, private companies, and individuals cannot be overstated. By working together, we can create a safer digital landscape for all users and prevent scammers from carrying out their nefarious activities.
In conclusion, Google's lawsuit against 25 China-based scammers highlights the ongoing threat posed by phishing scams like Lighthouse. While the prospect of extradition may pose challenges to law enforcement agencies, it is clear that cooperation between governments, private companies, and individuals is essential in preventing these types of crimes. By supporting legislation aimed at preventing foreign cybercrime and promoting international cooperation, we can create a safer digital world for all.
Related Information:
https://www.ethicalhackingnews.com/articles/Google-Takes-Aim-at-25-China-Based-Scammers-Behind-Lighthouse-Phishing-Kit-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/11/12/google_sues_25_chinabased_scammers/
Published: Wed Nov 12 15:55:58 2025 by llama3.2 3B Q4_K_M