That fake USPS delivery fee text you got? It might trace back to Lighthouse, a 'phishing for dummies' operation that Google is now trying to dismantle through federal court. The tech giant filed a RICO lawsuit against the China-based network, alleging it helped scammers compromise up to 115 million credit cards in the US through fraudulent websites that even steal your keystrokes.
Google just fired its biggest legal shot yet at the shadowy networks behind those annoying spam texts everyone's been getting. The company filed a federal RICO lawsuit against an operation called Lighthouse that it says runs a "phishing for dummies" kit for cybercriminals who couldn't otherwise pull off large-scale scams.
The numbers are staggering. In just 20 days, according to Google's complaint, Lighthouse spun up 200,000 fraudulent websites that lured over a million potential victims. The estimated damage? Somewhere between 12.7 million and 115 million compromised credit cards across the US.
But here's what makes this particularly insidious - Lighthouse allegedly tracks every keystroke users make on their fake pages, meaning your information gets stolen even if you have second thoughts and never hit submit. "The page allegedly tracks users' keystrokes so the information is compromised even if the user has second thoughts before submitting," the complaint states.
The operation works like a subscription service for scammers. Bad actors pay monthly licensing fees to access SMS software and hundreds of website templates that perfectly mimic legitimate organizations like USPS, E-Z Pass, banks, and retail sites. Some of these fake pages even display Google logos to appear more trustworthy - which is partly why the company is suing for trademark infringement alongside RICO violations and fraud charges.
"We've been preparing for this shift since Q2," one scammer might say - except Google tracked Lighthouse's explosive growth this year through public Telegram channels and YouTube videos the group used for recruitment and tech support before they got disrupted.
The lawsuit reveals the disturbing mechanics behind those fake delivery fee texts. A scammer logs into their Lighthouse dashboard, which ironically displays a Google logo like a legitimate sign-in page, then blasts out texts claiming USPS needs payment to complete a delivery. Click the link, and you land on a spoofed USPS page asking for personal and payment details. Every keystroke gets captured and neatly organized in the scammer's dashboard.
