Google’s lawsuit against a Chinese-based cybercriminal group highlights the urgent need for stronger cybersecurity measures.
Story Highlights
- Google sues a foreign cybercriminal group behind massive SMS phishing scams.
- The group, known as the “Smishing Triad,” has targeted over 1 million victims across 120 countries.
- Google’s legal action aims to dismantle the phishing operation and protect users.
- New bipartisan bills are being endorsed to combat cyberattacks and fraud.
Google Takes Legal Action Against Cybercriminals
On November 12, 2025, Google filed a lawsuit against a cybercriminal group known as the “Smishing Triad,” which operates a large-scale SMS phishing operation.
This group, reportedly based in China, uses a phishing-as-a-service kit named “Lighthouse” to create fraudulent texts aimed at stealing personal information. This legal action represents a significant step in combating cybercrime, as the group has already victimized over a million people across 120 countries.
The lawsuit, filed under the Racketeer Influenced and Corrupt Organizations (RICO) Act and other legal frameworks, seeks to dismantle both the group and the Lighthouse platform.
These phishing attacks often use reputable brands like E-ZPass and the U.S. Postal Service to trick users into providing sensitive information such as Social Security numbers and banking credentials.
Google is suing 25 people it alleges are behind a “relentless” scam text operation that uses a phishing-as-a-service platform called Lighthouse. https://t.co/xbHjwijp2L
— WIRED (@WIRED) November 12, 2025
The Scale of the Smishing Threat
The Smishing Triad has reportedly stolen between 12.7 million and 115 million credit card details in the U.S. alone. According to Google, the group uses more than 100 different website templates that mimic Google’s branding to appear legitimate.
This crime syndicate is sophisticated, with internal groups such as “data brokers” who supply victim contacts, “spammers” responsible for sending phishing messages, and “theft” groups that coordinate attacks using stolen credentials.
Google’s actions are not just about dismantling the current threat but also deterring similar future operations. The company has also introduced new safety features, such as a Key Verifier tool and AI-powered spam detection, to enhance user protection.
This proactive approach is crucial in safeguarding American citizens from cyber threats that exploit their trust in established brands.
Supporting Legislative Measures
Alongside its lawsuit, Google is endorsing three bipartisan bills aimed at enhancing protection against fraud and cyberattacks.
These include the GUARD Act, targeting scams against retirees; the Foreign Robocall Elimination Act, which seeks to establish a task force against illegal robocalls; and the Scam Compound Accountability and Mobilization Act, which focuses on scam compounds and supports human trafficking survivors.
These legislative efforts underscore the need for a comprehensive strategy to combat cybercrime, combining legal action with policy reforms. Google’s initiative highlights the importance of collaboration between the private sector and government to address the evolving threats that undermine user security and trust.
