Google is filing a federal lawsuit against a China-based network of cybercriminals — dubbed by some cyber researchers as “Smishing Triad” — behind the “Lighthouse” phishing-as-a-service operation, who has stolen over $1 billion from more than a million victims across 121 countries via massive text-message phishing attacks.
The scammers were preying on users' trust in reputable brands such as E-ZPass, the US Postal Service, and even Google.
The texts look legitimate, often warning recipients of a "stuck package" or an "unpaid toll," but they're actually phishing or what's called smishing — a type of phishing scam that uses text messages to try to trick recipients into revealing personal and sensitive information, such as passwords and credit card numbers, which are then stolen.
These scammers have compromised anywhere from 12.7 million to 115 million credit / banking cards within the US.
Google has filed what it calls a first-of-its-kind lawsuit under the RICO Act, which is typically used to take down organized crime rings.
The case targets 25 unknown operators — listed as John Does 1 through 25.
ft.com/content/f90f66
irishtimes.com/business/2025/
blog.google/outreach-initi
cnbc.com/amp/2025/11/12
theregister.com/2025/11/12/goo
wired.com/story/lighthou
silentpush.com/blog/smishing-
