Google Takes Legal Action Against Lighthouse, a Phishing-as-a-Service Operation Across 120 Countries

Google is taking legal action to dismantle Lighthouse, a massive Phishing-as-a-Service (PaaS) operation responsible for a global wave of smishing attacks.

Our analysis reveals the staggering scale of this criminal enterprise and the threat it poses:

• Global Reach: Lighthouse has harmed over 1 million victims across more than 120 countries.
• Financial Impact: In the U.S. alone, actors utilizing this kit have stolen between 12.7 million and 115 million credit cards.
• Infrastructure: We identified at least 107 website templates illegally utilizing Google branding designed to trick users into surrendering credentials.

Disruption requires more than just technical remediation. We are filing litigation under RICO, the Lanham Act, and the Computer Fraud and Abuse Act to shut down the core infrastructure of this operation.

Additionally, we are endorsing bipartisan legislation including the GUARD Act, the Foreign Robocall Elimination Act, and the SCAM Act to empower law enforcement and better protect vulnerable populations.

Read the full details on our strategy to fight scammers here: https://blog.google/company-news/outreach-and-initiatives/public-policy/legal-action-and-legislation-fight-scammers/