Chinese are cyber criminals Cheating the world. Over the past few years, these fraudsters have sent millions of scam text messages – often impersonating the USPS or toll-road collection firms – and have reportedly made more than a billion dollars from their shameless schemes. SMS scammers are a prolific and annoying threat to millions of people.
Now, in one of the most high-profile actions yet against scammers, Google is suing alleged members of a “relentless” Chinese smashing group that it claims has tried to defraud people in more than 120 countries around the world. In a civil lawsuit filed today in the US Southern District of New York, Google alleges that 25 unnamed individuals acted as part of the “Lighthouse” scam network and targeted millions of Americans with text messages in a “shocking” operation.
The company’s lawsuit claims that in addition to “stealing” information and money from people globally, the Lighthouse enterprise, sometimes known as part of the “smishing triad”, also “preys on the public trust in Google” by using its logo on fraudulent websites and abusing its systems and technology. “With the increase in scams, it’s largely due to the actions of organized crime networks, and most of them are international,” Halima Delen Prado, Google’s general counsel, alleged in an interview with WIRED. “The reach of the Lighthouse network is enormous.”
The Lighthouse Group is one of several Chinese-speaking smishing groups that have emerged in recent years. Broadly speaking, the groups send scam messages to thousands of people using SMS, Google’s RCS service, or Apple’s iMessage. Each scam text impersonates an organization – such as a delivery firm, bank, or law enforcement services – and includes a link to a fraudulent website. If someone enters their details into these fake websites, scammers can collect their personal information and bank details in real time. Some groups are also known to create fake online shopping websites that can also lead to data theft.
The heart of Lighthouse operations is its scamming software, called Lighthouse. This software is developed by cyber criminals and then sold as a subscription service to less technically competent fraudsters who use it to send scam text messages. Google’s lawsuit claims scammers can purchase a “weekly, monthly, seasonal, annual, or perpetual” subscription to use the software.
“The Lighthouse platform is a phishing-as-a-service tool used by cybercriminals to steal bank and card information, it offers ready-made phishing templates, fake websites, and backend management tools that enable the collection of usernames, passwords, and one-time codes, and it supports mass message delivery through the RCS (Rich Communication Services) channels of iMessage and Google Messages instead of just SMS,” said the security firm. Says chief intelligence officer Helit Alptekin. ProDraft, which has tracked the Chinese-speaking phishing ecosystem. “It employs advanced anti-piracy technologies such as IP- and user-agent-based filtering, time-limited URLs, and domain rotation,” Alptekin says.