It’s the platform Google claims is behind a “replicating” scam text operation

Cybercriminals are Chinese Scamming the World Over the past few years, these scammers have sent out millions of text scams — often impersonating the USPS or toll collection companies — and are said to have made more than a billion dollars from their brazen schemes. SMS scammers are a prolific and annoying threat to millions of people.

Now, in one of the most high-profile actions against fraudsters yet, Google is suing alleged members of a “relentless” Chinese ring that it claims has tried to defraud people in more than 120 countries around the world. In a civil lawsuit filed today in the Southern District of New York, Google alleges that 25 unidentified individuals operated as part of the “Lighthouse” fraud network and targeted millions of Americans with texts in a “surprising” operation.

In addition to “stealing” information and money from people around the world, Lighthouse Enterprise, sometimes known as part of the “Smishing Triad,” is “trapping public trust in Google” by using its logos on fake websites and abusing its systems and technology. “With the increase in fraud, this is largely due to the activity of organized crime networks, and most of them are transnational,” Google General Counsel Halima Delin Prado claimed in an interview with WIRED. “The Beacon Network has tremendous reach.”

The Lighthouse group is one of several Chinese-language smishing groups that have emerged in recent years. Generally, these groups send fraudulent messages to thousands of people using SMS, Google’s RCS service, or Apple’s iMessage. Any scam text impersonates an organization – such as delivery companies, banks or law enforcement services – and includes a link to a fraudulent website. If a person enters their information on these fake websites, the fraudsters can collect their personal information and banking information in real time. Some of these groups are also known to create fake online shopping websites that can also steal data.

At the heart of Lighthouse’s operations is its fraud software called Lighthouse. This software is developed by cybercriminals and then sold as a subscription service to less technically competent fraudsters who use it to send fraudulent text messages. Google’s lawsuit alleges that fraudsters can purchase “weekly, monthly, seasonal, annual or perpetual” subscriptions to use the software.

The Lighthouse platform is a phishing tool as a service used by cybercriminals to steal bank and card information, offers ready-made phishing templates, fake websites and backup management tools, allows the collection of usernames, passwords and one-time codes, and large-scale message delivery via RSS and iMesic services. Channels instead of SMS, says Halit Alpetkin, an intelligence officer at security firm Prodaft, which has tracked the Chinese-language phishing ecosystem. “It uses advanced anti-evasion techniques such as IP- and user-agent-based filtering, time-limited URLs, and domain rotation to avoid detection,” says Alpetkin.