Google has filed a lawsuit against a Chinese cybercriminal gang responsible for a massive SMS phishing, or “smishing,” operation that has amassed over a million victims across 120 countries. These fake texts typically claim victims owe toll payments or other similar charges to trick them into handing over their bank details.
CNBC reports that Google has taken legal action against a cybercriminal organization, dubbed the “Smishing Triad” by some cyber researchers, for orchestrating a large-scale text phishing scam. The group, primarily based in China, utilizes a phishing-as-a-service kit called “Lighthouse” to create and deploy fraudulent text messages designed to steal sensitive financial information from unsuspecting victims.
The lawsuit, filed on Wednesday, marks the first time a company has taken legal action against text phishing scams. Google brought claims under the Racketeer Influenced and Corrupt Organizations (RICO) Act, the Lanham Act, and the Computer Fraud and Abuse Act (CFAA), seeking to dismantle the group and the Lighthouse platform.
According to Google, the crime group has stolen approximately 12.7 million to 115 million credit cards in the United States alone. The phishing texts often appear as fake fraud alerts, delivery updates, unpaid government fee notifications, or other seemingly urgent messages, containing malicious links to fake websites designed to steal victims’ Social Security numbers, banking credentials, and other sensitive information.
“They were preying on users’ trust in reputable brands such as E-ZPass, the U.S. Postal Service, and even us as Google,” stated Halimah DeLaine Prado, Google’s general counsel. “The ‘Lighthouse’ enterprise or software creates a bunch of templates in which you create fake websites to pull users’ information.”
Investigations revealed that around 2,500 members of the syndicate were communicating on a public Telegram channel to recruit more members, share advice, and maintain the Lighthouse software. The organization consisted of a “data broker” group that supplied potential victim lists, a “spammer” group responsible for sending the SMS messages, and a “theft” group that coordinated attacks using the stolen credentials on public Telegram channels.
Google discovered more than 100 website templates generated by Lighthouse using Google’s branding on sign-in screens to deceive victims into believing the sites were legitimate. In addition to the lawsuit, Google is endorsing three bipartisan bills aimed at protecting against fraud and cyberattacks: the Guarding Unprotected Aging Retirees from Deception (GUARD) Act, the Foreign Robocall Elimination Act, and the Scam Compound Accountability and Mobilization Act.
What isn’t yet clear is why Google thinks Chinese criminals will recognize the authority of the U.S. court system, or if they expect a hostile communist nation to help rein in these criminals.
Breitbart News previously reported that Chinese scammers have made more than $1 billion from scam text messages aimed at Americans:
According to investigators, the criminal gangs behind these scams take advantage of the stolen credit card details to purchase iPhones, gift cards, clothing, and cosmetics. The fraud is made possible by a trick that allows criminals to install stolen card numbers in Google and Apple Wallets in Asia, and then share the cards with people in the U.S. who make purchases on their behalf.
The scam texts are sent using so-called SIM farms, which are rooms filled with boxes of networking devices stuffed with small white cards that mobile customers typically insert into their new phones to begin making calls or sending texts. These farms enable a single person to send out the same number of text messages that would normally require 1,000 phone numbers.
Read more at CNBC here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.
