Google filed a lawsuit on November 12, 2025 against the Smishing Triad, a Chinese‑based cybercriminal group that operates the Lighthouse phishing‑as‑a‑service platform. The suit alleges that the group has stolen between 12.7 million and 115 million U.S. credit cards and targeted more than a million victims in 120 countries through SMS phishing.
The lawsuit is brought under the Racketeer Influenced and Corrupt Organizations Act, the Lanham Act, and the Computer Fraud and Abuse Act, and seeks to dismantle the Lighthouse platform and the criminal organization. Google claims the operation has impersonated trusted brands—including E‑Pass, the U.S. Postal Service, and Google itself—to lure users into fake websites that harvest sensitive financial information.
Google’s general counsel Halimah DeLaine Prado said the legal action is designed to “dismantle the core infrastructure of this operation” and to protect users and other brands from future harm. The lawsuit also aims to obtain court orders that could seize domains and unmask the identities of the defendants, a step that could disrupt the smishing ecosystem.
Beyond the lawsuit, Google is investing in AI‑powered tools that flag scam messages, block malicious links, and educate users about online safety. The company is also backing bipartisan legislation aimed at curbing cybercrime, signaling a broader strategy to combine legal, technological, and policy measures to protect its users.
The filing underscores the growing threat of smishing, which leverages the immediacy of text messaging to trick users into revealing personal data. By targeting over a million victims worldwide, the Smishing Triad’s operation demonstrates the industrialization of cybercrime, and Google’s lawsuit represents a significant step toward holding such criminal enterprises accountable.
While the lawsuit is a legal milestone, its ultimate impact will depend on the court’s ability to secure domain seizures and identity disclosures. Nevertheless, the action sends a clear message that Google will use every available tool—legal, technical, and legislative—to defend its users and brand reputation against large‑scale phishing campaigns.
The content on BeyondSPX is for informational purposes only and should not be construed as financial or investment advice. We are not financial advisors. Consult with a qualified professional before making any investment decisions. Any actions you take based on information from this site are solely at your own risk.