If you have a mobile phone, you’ve likely seen dodgy texts claiming overdue tolls or misdelivered packages and urging you to “Click here.” Often these are scams — phishing attacks, or “smishing” when via SMS — sending people to fake sites that steal payment or sign-in details, sometimes using a misappropriated Google logo.
On Wednesday, Google filed a lawsuit in the U.S. District Court for the Southern District of New York against what it alleges is a sprawling China-based criminal organization called “Lighthouse” that provides software and support to online scammers. The complaint says Lighthouse runs a “Phishing-as-a-Service” operation, selling a kit with hundreds of fake website templates. Nearly 200 templates reportedly mimicked U.S.-based sites, including New York City’s official site, the U.S. Postal Service, and the West Virginia DMV.
Google’s general counsel Halimah DeLaine Prado said over 100 templates included Google logos on pages where people were asked to sign in or make payments, creating a false appearance of legitimacy. The suit alleges the Lighthouse network targeted victims in more than 120 countries and swindled millions of dollars each year. Screenshots in the complaint show misuse of other major payment, credit card, and social media logos.
From July 2023 through October 2024, the complaint says Lighthouse created or used 32,094 distinct phishing websites mimicking the U.S. Postal Service. Google estimates those sites could “compromise between 12.7 and 115 million credit cards in the U.S. alone,” though DeLaine Prado declined to give a precise dollar figure for Google’s damages, calling it “a bit immeasurable.”
Google does not know the actual identities of the people it’s suing; the defendants are listed as “Does 1–25,” identified only by handles used on the encrypted messaging app Telegram. Many alleged actors are in China and outside U.S. court reach. DeLaine Prado said the primary goal is deterrence: she is seeking a declaratory judgment that Lighthouse’s activities are illegal to establish a legal basis for asking platforms and services to help take down components of the illegal infrastructure. Even if individuals can’t be reached, she said, the aim is to disrupt the broader infrastructure.
The lawsuit also aims to raise consumer awareness about scams. DeLaine Prado said pursuing scammers is a routine part of Google’s legal work and that the company looks for cases that can draw public attention and where court action can help protect users.
On the same day, Google publicly endorsed three bipartisan bills before Congress intended to help law enforcement target scammers: the Guarding Unprotected Aging Retirees from Deception (GUARD) Act, to allow grant funding for local probes of fraud targeting retirees; the Foreign Robocall Elimination Act, to create a task force to block foreign robocalls; and the Scam Compound Accountability and Mobilization (SCAM) Act, to develop a national strategy to counter “compounds” where people are trafficked to work in scam operations.
The case comes as Google faces other legal challenges. In September, a federal judge ordered the company to share search data with some competitors after finding an illegal monopoly in search. Another court recently ruled parts of Google’s digital advertising practices violate antitrust laws, and Google agreed to a proposed settlement with Epic Games to resolve a separate antitrust suit over its Play app store.
Google is a financial supporter of NPR.
