That text you got about a ‘fixed package’ from the USPS or an ‘unpaid toll’? It’s not just spam. It’s the calling card of a sophisticated, global scam that has defrauded victims out of millions of dollars.
Today we fight back. We’re filing lawsuits to dismantle “Lighthouse,” a massive phishing-as-a-service operation, and we’re also passing key bipartisan bills in the US Congress to protect everyone from these attacks.
Disruption of a phishing-as-a-service business
Bad actors built “Lighthouse” as a phishing-as-a-service kit to generate and deploy massive “smishing” (SMS phishing) attacks. These attacks leverage established brands like EZ Pass to steal people’s financial information.
The scam is simple: Criminals send a text message asking recipients to click a link and share information such as email credentials, bank details and more. They take advantage of the reputation of Google and other brands by illegally displaying our brands and services on fraudulent websites. We found at least 107 site templates with Google branding on login screens that are specifically designed to trick people into thinking the sites are legitimate.
These crimes inflict enormous economic damage globally. “Lighthouse” has harmed over 1 million victims in more than 120 countries and stolen somewhere between 12.7 million and 115 million credit cards in the US alone. This represents a fivefold increase in these types of attacks since 2020.
Our legal action is designed to dismantle the core infrastructure of this operation. We are filing claims under the Racketeer Influenced and Corrupt Organizations Act, the Lanham Act, and the Computer Fraud and Abuse Act to shut it down and protect users and other brands.
Strengthening defense through policy
Litigation may concern a single operation; robust public policy can address the broader threat of fraud. We are working with policymakers and today announcing our approval of important bipartisan bills in the US Congress. We urge Congress to pass these crucial bills and help bring a decisive end to the economic harm and damage caused by foreign cybercriminals.
- Act to Protect Unprotected Aging Retirees from Deception (GUARD) Act sponsored by Sens. Britt (AL), Scott (FL), Gillibrand (NY) and Reps. Nunn (IA-03), Fitzgerald (WI-05) and Gottheimer (NJ-05): This legislation would empower state and local law enforcement by enabling them to use federal grant funds to investigate financial fraud and scams that specifically target retirees.
- Foreign Robocal Elimination Act sponsored by Sens. Budd (NC) and Welch (VT): This legislation would establish a task force focused on how best to block foreign-originated illegal robocalls before they ever reach American consumers.
- Scam Compound Accountability and Mobilization (SCAM) Act sponsored by Sens. Cornyn (TX) and Shaheen (NH): This legislation will develop a national strategy to address fraud links, strengthen sanctions and support survivors of human trafficking within these links.
In addition to taking legal action and supporting policies that protect people, we’re also launching new features like using AI to flag common scam messages like fake tolls or package deliveries. We also protect people from malicious links and scams in Google Messages. And if you’re exposed to a compromised account, we’re making it safer and easier to regain access to your account by expanding account recovery options with Recovery Contacts. We also continue to step up public education and partnership efforts to help users recognize and avoid fraud. We hope these efforts will help more people stay safe online.
From the courtroom to the Capitol, we are taking action to stop these attacks. But it is a joint struggle. As we take on criminal networks and advocate for stronger laws, we’re also building smarter, AI-powered tools to help you spot and avoid these scams. Together, we can make the digital world a much more difficult place for criminals to do business.