Google has initiated legal proceedings to halt phishing attacks affecting millions globally, which include deceptive campaigns posing as toll notices, fake e-commerce deals, and impersonations of financial institutions.
According to a lawsuit filed on Wednesday, Google accused a 'cybercriminal group in China' of marketing 'phishing for dummies' kits. Designed for inexperienced fraudsters, these kits facilitate extensive phishing campaigns that mislead numerous individuals into divulging sensitive information such as passwords, credit card numbers, or banking details by mimicking recognizable brands, government agencies, or even acquaintances.
Dubbed 'Lighthouse' kits, they offer distinct software versions for executing SMS and e-commerce cons. As per Google's allegations, scammers can obtain weekly, monthly, seasonal, yearly, or lifetime licenses. The kits include 'hundreds of templates for fake websites, domain setup tools for these fake sites, and additional elements intended to deceive victims into believing they are entering information on a legitimate site.'
The lawsuit indicates these scams typically commence with a message claiming an overdue toll fee or a minimal charge required for redelivering a package. Sometimes these appear as adsâoccasionally Google ads until flagged and suspended by Googleâmimicking popular brands to entice victims. Those who click are redirected to enter confidential details on fraudulent websites, often allegedly accepting payments through reputable wallets like Google Pay.
A criminal network, sprawling across YouTube and Telegram channels, gathers the gathered information. Each scammer has a specific role within this extensive operation, which Google reports have deceived over a million individuals across 121 countries, causing losses surpassing 'over a billion dollars,' per a Google press statement referencing an estimate from the Department of Homeland Security.
Google seeks a court order to terminate the scams, emphasizing that Google users are amongst 'millions of innocent victims,' alongside Google itself, which invests 'substantial' resources in detecting phishing attempts. The tech giant is also offended by the misuse of its trademarks within Lighthouseâs website templates, noting that 'at least 116 templates use a Google logo (YouTube, Gmail, Google, or Google Play) on the sign-in screen to mislead users into believing itâs safe to enter credentials.'