Phishing at Google, the case that uncovers a global scam of 1 billion USD

Google has taken legal action against a China-based hacker group that allegedly operated a global phishing-as-a-service platform known as Lighthouse. According to the demand, this infrastructure allowed the launch of massive “smishing” campaigns (SMS phishing) and fake pages that imitate trusted brands, with more than 1 000 000 victims in 120 countries and estimated losses of around 1 billion dollars.

‍

What is the Lighthouse platform and how did it operate?

The Lighthouse platform offered a subscription business model for cybercriminals: for fees (from hundreds to thousands of dollars), fraudulent page templates, ready-made domains, mass text messages and tools ready to launch campaigns were accessed.

The attacks combined several elements:

• The use of well-known brands such as Google, YouTube, USPS or E-ZPass to gain trust.
  The Register
• Mass sending of SMS with links to fake sites (“smishing”).
• Creation of tens of thousands of domains for very short periods to scale up attacks.

‍

Phishing as a business: the professionalization of cybercrime

The case reveals that phishing is no longer improvised, but rather a global industry with infrastructure, defined roles and technical support. Platforms such as Lighthouse allow any user to launch large scale impersonation campaigns using “as a service” models. A black market has been created where stolen credentials, phishing kits and access to corporate accounts are sold as easily as a legitimate digital product, blurring the line between individual attackers and organized criminal networks.

‍

Scope, casualties and estimated losses

According to the lawsuit, more than 1,000,000 people in at least 120 countries were affected by this operation. The group allegedly stole sensitive data, banking credentials and other personal information that was then used to access accounts, empty digital wallets or resell the data. The estimated amount of losses amounts to around 1 billion USD. Google points out that more than 17,500 phishing domains linked to the scheme and more than 600 fraudulent site templates that mimicked real entities have been detected.

‍

Implications of demand and the message to the sector

Google has filed the lawsuit in the Southern District Court of New York, using laws such as the RICO (Racketeer Influenced and Corrupt Organizations Act) to attack organized cybercrime. The objective is not only to seek compensation, but to dismantle the technical infrastructure and deter future similar operations. The action also includes collaboration with telecommunications networks and web hosting companies to shut down the domains and servers involved. This case reinforces a trend: large technology companies are starting to use legal channels as a cyber defense tool, in addition to technical controls.

‍

What we recommend from Apolo Cybersecurity to strengthen your digital security

• Always check the senders of SMS or emails that indicate urgent actions or pending payment.
• Be wary of messages that use well-known brands asking you to click or enter bank details.
• Activate multifactor authentication (MFA) on your accounts and avoid reusing passwords.
• Check that the URL of the site you are visiting is the official one (watch out for strange letters or omissions).
• If you are a company: monitor if your brand may be being used in phishing or smishing schemes; having an incident response plan is key.

‍

Protect your data and devices before you become a victim

The Lighthouse case demonstrates that phishing and smishing threats have been professionalized and reach a global scale. At Apolo Cybersecurity, we help companies and users to detect risks, reinforce digital protection and maintain control of their personal and corporate data.