Google is 'very upset' and the reason is China-based company that it says has scammed millions of Americans; many times 'using' Google's name, logo

Google has filed a landmark lawsuit to dismantle what it describes as a vast, China-based cybercriminal operation responsible for phishing attacks that have targeted millions of people worldwide.

In a complaint filed, the tech giant accused a “cybercriminal group in China” of running a sprawling enterprise called Lighthouse, which sells ready-made “phishing for dummies” kits that enable scammers with little technical expertise to carry out large-scale fraud campaigns.According to Google, the Lighthouse network provides subscription-based phishing software—available on weekly, monthly, annual, or even lifetime plans—complete with hundreds of fake website templates, domain setup tools, and payment features designed to mimic legitimate platforms.

The kits are marketed through Telegram channels and were previously promoted on YouTube before Google suspended the associated accounts.“These kits allow bad actors to easily execute phishing attacks, tricking people into disclosing passwords, credit card numbers, or other sensitive data by impersonating trusted brands or institutions,” Google said in its filing.

Fake tolls, e-commerce deals, and more

Google’s lawsuit details how many scams begin with fake text messages claiming a toll fee or package delivery payment is overdue, or with fraudulent ads posing as major retailers or government agencies.

Victims are directed to counterfeit websites designed to look like legitimate portals — often branded with logos from Google services like Gmail, YouTube, or Google Pay — where they unknowingly hand over their financial details.The company said the Lighthouse network has defrauded more than a million people across 121 countries, with estimated global losses exceeding $1 billion, according to a Department of Homeland Security estimate cited in Google’s press release.

'Faking' Google and its websites

Scammers use Google’s own transparency reporting against the company, the complaint said, “automatically” querying “transparencyreport.google.com every 15 minutes to determine whether Google has flagged a phishing domain as malicious.” This gives scammers time to switch domains and “avoid detection,” Google alleged. Google is also upset that Lighthouse website templates abuse the Google trademark to dupe users into thinking that it’s safe to enter credentials, noting that “at least 116 templates feature a Google logo (YouTube, Gmail, Google, or Google Play) on the sign-in screen.

”

Americans hit hardest

Google said the scam “disproportionately targets Americans,” exploiting trusted brands such as USPS and E-ZPass. From July 2023 to October 2024, between 12.7 million and 115 million credit cards may have been compromised in the U.S. alone, the filing alleged.Once obtained, stolen cards are often loaded into Google Wallet and used via tap-to-pay systems to buy gift cards or transfer funds directly to scammers.

Others exploit stolen brokerage accounts for “pump-and-dump” stock manipulation schemes, Google said.The Lighthouse operation allegedly uses sophisticated methods to evade browser and platform detection. Google says the scammers regularly monitor its transparency reports — checking every 15 minutes to see if phishing domains have been flagged — allowing them to rapidly switch domains and stay active.The kits also include fake multi-factor authentication (MFA) pages, tricking users into entering security codes that attackers can use to complete fraudulent transactions in real time.

Spreads via Telegram, WhatsApp and other apps

Google’s complaint describes Lighthouse as a “phishing-as-a-service” network run by anonymous actors who collaborate via Telegram, selling software, stolen data, and even offering to partner on new scams. One channel allegedly has over 2,500 members, where posts include offers such as “Who is fishing? Looking for a partner” and “selling pure handmade wealthy accounts.”The company’s lawsuit accuses the Lighthouse enterprise of wire fraud, trademark infringement, racketeering, and violations of the Computer Fraud and Abuse Act. Google is seeking an injunction to halt the scheme, recover damages, and protect users from further harm.“The Lighthouse enterprise preys on public trust in Google,” the company said. “This historic lawsuit marks the first time a private company has taken direct action to stop these scams and dismantle this criminal network.”