Google Uses Courts, Congress to Counter Massive Smishing Campaign
None
<p>Google is taking a multi-pronged approach to stopping a widespread global smishing operation that targeted more than a million victims through text messages warning about <a href="https://securityboulevard.com/2025/01/hackers-use-malicious-pdfs-pose-as-usps-in-mobile-phishing-scam/" target="_blank" rel="noopener">undelivered packages</a> at U.S. Postal Services or UPS centers or unpaid E-ZPass toll fees.</p><p>The IT giant said last week that it had <a href="https://blog.google/outreach-initiatives/public-policy/legal-action-and-legislation-fight-scammers/" target="_blank" rel="noopener">filed a lawsuit</a> in hopes of dismantling the Lighthouse phishing-as-a-service (PhaaS) kit that’s been used by a cybercrime group collectively called Smishing Triad.</p><div class="code-block code-block-13" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-13-1" data-info="WyIxMy0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="U2hvcnQ=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://www.techstrongevents.com/cruisecon-virtual-west-2025/home?ref=in-article-ad-2&utm_source=sb&utm_medium=referral&utm_campaign=in-article-ad-2" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2025/10/Banner-770x330-social-1.png" alt="Cruise Con 2025"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p>A day later, Google’s general counsel, Halimah DeLaine Prado, said in an email sent to media outlets that there were indications that the lawsuit already was interrupting Lighthouse’s operations, calling it “a win for everyone. We will continue to hold malicious scammers accountable and protect consumers.”</p><p>Google added that a screenshot of a message written in Chinese and posted by the threat actors said that their “cloud server has been blocked due to malicious complaints.”</p><h3>Racking Up Victims, Credit Cards</h3><p>Lighthouse has been in operation since 2023, and over the past two years, it had collected more than a million victims from more than 120 countries and stealing between 12.7 million and 115 million credit cards in the United States, Prado wrote in a blog post. It was a five-fold increase in such attacks since 2020.</p><p>Security vendors have been tracking the operation since it emerged on the scene, with Resecurity <a href="https://www.resecurity.com/blog/article/smishing-triad-targeted-usps-and-us-citizens-for-data-theft" target="_blank" rel="noopener">writing in 2023</a> that “the Chinese-speaking threat actors behind this campaign are operating a package-tracking text scam sent via iMessage to collect personally identifying information (PII) and payment credentials from victims, in the furtherance of identity theft and credit card fraud.”</p><p>The threat group behind Lighthouse was named Smishing Triad because of its use of smishing – phishing via SMS text messages – tactics. Initially the attackers focused on packing-tracking messages. However, in <a href="https://www.resecurity.com/blog/article/smishing-triad-is-now-targeting-toll-payment-services-in-a-massive-fraud-campaign-expansion" target="_blank" rel="noopener">another report</a> earlier this year, Resecurity tied Smishing Triad to a surge in fake text message claiming that those targeted owed money either because of unpaid toll bills or could make payment through toll services FasTrak, E-ZPass, and I-Pass.</p><p>In both the undelivered package and unpaid toll scams, the goal was to convince victims to steal victims’ personal and payment information when they paid what they believed were legitimate charges.</p><h3>An Evolving Threat</h3><p>Threat researchers with Palo Alto’s Unit 42 wrote last month that Smishing Triad’s operation was <a href="https://unit42.paloaltonetworks.com/global-smishing-campaign/" target="_blank" rel="noopener">more extensive and complex</a> than what had been reported and that it was continuing to evolve its operations by growing its international reach and improving its social engineering tactics. It also was expanding the range of services it impersonated to include banking, cryptocurrency platforms, e-commerce, healthcare, law enforcement, and social media.</p><p>“The campaign is highly decentralized, lacking a single point of control, and uses a large number of domains and a diverse set of hosting infrastructure,” the Unit 42 researchers wrote, noting that they had identified more than 194,000 malicious domains linked to this operation since the beginning of 2024. “Although these domains are registered through a Hong Kong-based registrar and use Chinese nameservers, the attack infrastructure is primarily hosted on popular U.S. cloud services.”</p><p>Silent Push researchers also noted Smishing Triad’s <a href="https://www.silentpush.com/blog/smishing-triad/" target="_blank" rel="noopener">ongoing growth</a>, writing earlier this year that it had targeted organizations in at least 121 countries, was introducing a banking-focused Lighthouse phishing kit, and bragged that it had least 300 “front desk staff worldwide” supporting the Lighthouse kit. They also said the number of smishing messages sent each day by Smishing Triad was likely significantly more than the estimated 100,000 and that the group rotated its domains, with tens of thousands of them being live each day.</p><p>Google’s Prado wrote that the company’s “legal action is designed to dismantle the core infrastructure of this operation. We are bringing claims under the Racketeer Influenced and Corrupt Organizations Act, the Lanham Act, and the Computer Fraud and Abuse Act to shut it down, protecting users and other brands.”</p><h3>Supporting Congressional Bills</h3><p>At the same time, Google also working with members of Congress to support three pending bills aimed at protecting U.S. citizens against the scams. One is designed to let states use federal grants to investigate financial fraud and scams that target retirees, while another would create a taskforce that would investigate how to block robocalls that originate in another country before they reach Americans.</p><p>The third would create a national strategy to <a href="https://securityboulevard.com/2025/04/un-scam-warning-richixbw/" target="_blank" rel="noopener">address scams compounds</a>, which are massive sites that lure people from other countries with such trickery as fake job ads and force them to participate in a range of scams, from those similar to what Smishing Triad runs to romance and investment scams.</p><p>In addition, Google launched new features that include using AI to detect and flag common scam messages like take toll fees or package deliveries.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/11/google-uses-courts-congress-to-counter-massive-smishing-campaign/" data-a2a-title="Google Uses Courts, Congress to Counter Massive Smishing Campaign"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fgoogle-uses-courts-congress-to-counter-massive-smishing-campaign%2F&linkname=Google%20Uses%20Courts%2C%20Congress%20to%20Counter%20Massive%20Smishing%20Campaign" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fgoogle-uses-courts-congress-to-counter-massive-smishing-campaign%2F&linkname=Google%20Uses%20Courts%2C%20Congress%20to%20Counter%20Massive%20Smishing%20Campaign" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fgoogle-uses-courts-congress-to-counter-massive-smishing-campaign%2F&linkname=Google%20Uses%20Courts%2C%20Congress%20to%20Counter%20Massive%20Smishing%20Campaign" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fgoogle-uses-courts-congress-to-counter-massive-smishing-campaign%2F&linkname=Google%20Uses%20Courts%2C%20Congress%20to%20Counter%20Massive%20Smishing%20Campaign" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fgoogle-uses-courts-congress-to-counter-massive-smishing-campaign%2F&linkname=Google%20Uses%20Courts%2C%20Congress%20to%20Counter%20Massive%20Smishing%20Campaign" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>