NEW YORK — Google has filed a lawsuit against what it alleges is a sprawling international network of text message scammers, signaling a major escalation in the tech industry’s battle against digital fraud.
The lawsuit, filed Wednesday in the US District Court for the Southern District of New York, targets a group Google calls “Lighthouse,” which the company alleges provides software and operational support to online scammers.
According to the complaint, Lighthouse operates a “Phishing as a Service” model, offering hundreds of fake website templates that imitate legitimate US based organizations.
Scammers have long used SMS messages, or “smishing,” to dupe mobile users into sharing personal information or making payments.
Victims may receive texts claiming overdue tolls, misdelivered packages, or urgent account issues, often prompting them to click fraudulent links.
Many of these links feature counterfeit logos from trusted companies, including Google, to create a veneer of legitimacy.
Halimah DeLaine Prado, Google’s general counsel, said the company discovered that more than 100 templates included Google’s logos in areas where users were prompted to sign in or enter payment details.
“We are a global company. This hits all of our users,” she said. “We’re concerned about the damage to user trust and not knowing what websites are safe.”
The Lighthouse network allegedly targeted victims in over 120 countries, defrauding millions of dollars annually. The complaint includes screenshots of fake sites that also misused logos of payment processors, credit card companies and social media platforms.
Cybersecurity experts say the Lighthouse case highlights the increasingly organized nature of online scams.
Dr. Leonard Kim, a cybersecurity researcher at the Global Digital Safety Institute, said, “Phishing as a Service lowers the barrier for criminals, enabling even unsophisticated actors to launch sophisticated attacks.
A network like Lighthouse could amplify damage exponentially.” DeLaine Prado noted that from July 2023 through October 2024, Lighthouse created or used 32,094 distinct websites impersonating the US Postal Service alone.
She estimated these sites could have compromised between 12.7 and 115 million US credit cards. “The scale is staggering,” Kim said. These are not isolated scams. They’re industrial operations targeting billions of dollars in potential payments and sensitive data.
According to the Federal Trade Commission, reported losses from phishing and smishing reached $1.2 billion in the US in 2024, an increase of 15 percent from the prior year.
The Google complaint suggests that Lighthouse alone could account for a significant fraction of these incidents, though the exact financial impact remains difficult to quantify.
LSI keywords for context include “mobile phone scams,” “online fraud,” “phishing websites,” “SMS phishing,” and “cybersecurity threats,” all of which underscore the broad nature of digital deception.
Jane Albright, a small business owner in New Jersey, said she received a text claiming a package from a major online retailer was undeliverable. “It looked real, even had the logo,” she said. “I almost entered my card info before realizing it didn’t feel right.”
Meanwhile, college student Marcus Lee in California reported similar messages targeting him through his mobile phone. “These scams are getting smarter,” he said. They’re designed to trick you at first glance.
Google’s lawsuit names the defendants as “Does 1-25,” reflecting the fact that their true identities remain unknown. Instead, the filing cites online handles allegedly used on the encrypted messaging app Telegram.
The defendants are reportedly based in China, beyond the reach of US courts. DeLaine Prado emphasized that the lawsuit’s main goal is deterrence rather than prosecution.
“The goal is to establish a legal basis to request cooperation from other platforms and services in dismantling illegal infrastructure,” she said. She declined to specify which platforms might be targeted in subsequent takedown efforts.
Experts warn that phishing and smishing campaigns are likely to continue evolving. “We’re in a cat and mouse game,” said Dr. Kim. “For every defensive measure companies put in place, fraudsters innovate new techniques.”
Nonetheless, legal actions like Google’s lawsuit may set a precedent for how tech companies approach global scams. “Even if the perpetrators remain anonymous, establishing that these operations are illegal can provide leverage in shutting down networks,” Kim added.
Google’s legal action represents one of the most significant corporate efforts to combat text message based scams at scale.
While the identities of the alleged Lighthouse operators remain unknown, the case highlights the growing risks of phishing and smishing worldwide and the challenges in enforcing US laws across international boundaries.
As digital fraud continues to rise, experts and consumers alike face increasing pressure to recognize threats and secure personal information, underscoring the persistent need for vigilance in an interconnected online world.