Google has taken legal action to shut down the Lighthouse phishing-as-a-service platform, which has been used by cybercriminals to conduct SMS smishing attacks impersonating USPS and E-ZPass. The platform has affected over 1 million victims worldwide, stealing millions of payment cards and personal information. #Lighthouse #WangDuoYu
Keypoints
- Google filed a lawsuit to dismantle the Lighthouse PhaaS platform used in global smishing scams.
- The platform provided customizable phishing templates impersonating USPS and toll systems, stealing personal data and payment info.
- Wang Duo Yu, a Chinese threat actor, has been linked to ongoing toll road scams using Lighthouse kits since 2024.
- The platform exploited Googleβs branding on over 107 fake websites to deceive victims into revealing credentials and 2FA codes.
- Google supports U.S. policies and AI tools to improve scam detection and protect consumers from cyber threats.