Google warns about global ‘smishing’ ring stealing millions via text scams, files lawsuit in US

Google on Wednesday announced that it has filed a lawsuit against foreign cybercriminal organization behind the SMS phishing attacks or ‘Smishing’. In a blogpost, the tech giant announced that bad actors built a phishing-as-a-service called "Lighthouse"to generate and deploy massive attacks.

Google also warned that these attacks exploit established brands like E-Z Pass to steal people's financial information.

The company says it found at least 107 website templates featuring its branding on sign-in screens that are designed to trick people into believing that those fraudulent sites are legitimate.

The new type of attack is also said to be inflicting ‘immense financial harm’ globally with Google estimates suggesting over 1 milion victims of “Lighthouse” attack across more than 120 countires. The company says that attackers have stolen somewhere between 12.7 million and 115 million credit cards in the U.S.

Google general counsel Halimah DeLaine Prado while explaining how the attack works in a statement to CNBC said, “The ‘Lighthouse’ enterprise or software creates a bunch of templates in which you create fake websites to pull users’ information.”

What action is Google taking?

Google says that it's legal action ‘core infrastructure’ of the attackers by bringing claims under the Racketeer Influenced and Corrupt Organizations Act, the Lanham Act, and the Computer Fraud and Abuse Act in order to shut down the attackers.

Apart from taking legal action, Google says it is also launching new features powered by AI to flag common messages such as fake toll fees or package deliveries in order to protect them from scams. The company says it is also protecting people from malicious links and scams in Google Messages.

“if you are the victim of an account compromise, we’re making it safer and easier to regain access to your account by expanding account recovery options with Recovery Contacts. We also continue to intensify public education and partnership efforts to help users recognize and avoid fraud. We hope these efforts will help more people be safe online.” Google said in its blog post.