Google sues operators of the “Lighthouse” phishing platform that targeted millions of users

According to the cybersecuritynews.com portal, Google has filed a lawsuit against a criminal operation known as “Lighthouse,” a sophisticated phishing-as-a-service platform that has reportedly affected more than one million people across over 120 countries. Google’s security researchers determined that this is one of the most damaging scam networks in recent years, structured to exploit well-known brand identities in order to deceive victims.

The platform enables attackers to launch large-scale “smishing” campaigns — phishing attacks delivered via SMS messages instead of email. Fraudsters impersonate companies such as E-Z Pass, USPS, and other toll service providers, sending links that direct victims to fraudulent websites. These websites are designed to look legitimate, tricking users into revealing passwords, financial information, and other sensitive data.

Google analysts uncovered at least 107 malicious website templates featuring Google’s branding on fake login screens, further increasing the risk of credential theft. In the United States, the operation has, according to the same source, facilitated the theft of data from tens of millions of credit cards, resulting in a massive financial impact.

Google’s lawsuit cites multiple laws, including RICO, the Lanham Act, and the Computer Fraud and Abuse Act. At the same time, the company is implementing additional security measures — from AI-powered systems that detect suspicious messages to enhanced account recovery options — to help users regain control of compromised accounts more quickly and safely.