Google Moves to Dismantle Lighthouse: A Global Smishing Threat Targeting Millions

The cybercrime landscape has taken a significant blow as Google files a high-profile lawsuit against “Lighthouse,” a phishing-as-a-service (PhaaS) platform used to run SMS phishing, or “smishing,” campaigns worldwide. Lighthouse enables cybercriminals to impersonate trusted entities like the U.S. Postal Service (USPS) and E-ZPass toll systems, luring victims into revealing sensitive credit card information. The platform has reportedly impacted over 1 million individuals across 120 countries, and an estimated 115 million payment cards were stolen in the U.S. alone between July 2023 and October 2024.

Lighthouse: The Infrastructure Behind Smishing Scams

Lighthouse operates by providing phishing templates and infrastructure to cybercriminals, essentially functioning as a one-stop shop for smishing operations. By mimicking legitimate services such as USPS and E-ZPass, scammers send text messages designed to terrify recipients into urgent action. Victims are directed to websites that look authentic but are engineered solely to harvest login credentials and financial data.

Google has identified at least 107 phishing templates that misuse its own branding to lend credibility to these fraudulent websites. “They exploit the reputations of Google and other brands by illegally displaying our trademarks and services on fraudulent websites,” the company notes. This tactic of borrowing trusted brand imagery underscores the sophistication of modern phishing operations.

Global Reach and Chinese Threat Actors

Researchers at Cisco Talos have linked Lighthouse to a Chinese threat actor known as “Wang Duo Yu,” who markets and supports the platform through Telegram channels. This actor has facilitated toll road scams targeting users in states like Washington, Florida, Pennsylvania, and Texas. Talos has observed thousands of typosquatted domains continuing operations well into 2025, signaling the persistent evolution of these campaigns.

Lighthouse also uses RCS on Android and iMessage on iOS, enabling messages to bypass conventional spam filters. Subscription pricing for the service ranges from $88 per week to $1,588 per year, according to Netcraft, making it a lucrative commercial venture in the cybercriminal ecosystem. Previous campaigns under the “Smishing Triad” banner were rebranded as Lighthouse in March 2025, showing a pattern of adaptation and obfuscation.

Legal Action and U.S. Policy Support

Google’s lawsuit leverages U.S. federal statutes including the Racketeer Influenced and Corrupt Organizations Act, the Lanham Act, and the Computer Fraud and Abuse Act. Beyond litigation, Google is backing new legislative measures such as the GUARD Act, the Foreign Robocall Elimination Act, and the SCAM Act, all aimed at combating scams, foreign cybercrime, and fraud targeting vulnerable populations. The company is also expanding AI-powered protections in Google Messages and improving account recovery options to prevent similar attacks.

What Undercode Says: Analyzing the Lighthouse Threat

The Lighthouse case illustrates the growing sophistication of PhaaS models and the urgent need for multi-layered defenses. By commoditizing phishing tools, Lighthouse lowered the barrier to entry for cybercriminals, turning smishing into an accessible, profitable venture. This is indicative of a broader trend where criminal operations are becoming more decentralized yet globally coordinated, leveraging digital platforms like Telegram to distribute and monetize illicit tools.

The integration of brand impersonation highlights the psychological manipulation central to these scams. Victims are more likely to respond to messages that visually align with familiar services, a factor Google is attempting to counter with AI-driven detection. The operational scale, over a million victims across 120 countries, demonstrates both the platform’s reach and the challenge of containing such cybercrime across jurisdictional boundaries.

Linking Lighthouse to Wang Duo Yu and observing similarities with other PhaaS operators such as Darcula and Lucid underscores a potential networked ecosystem of Chinese threat actors. These actors appear to share or replicate templates, exploiting gaps in international cyber law enforcement. Subscription-based pricing models indicate that cybercrime is increasingly treated like a commercial enterprise, with tiered services and ongoing support, mirroring legitimate SaaS (Software-as-a-Service) operations.

From a defensive standpoint, organizations must consider proactive measures such as AI-based threat detection, typosquatting domain monitoring, and cross-industry collaborations. Public awareness campaigns remain critical, as human error is still the primary vector exploited by phishing schemes. Google’s support for U.S. legislation reflects a recognition that technological solutions alone cannot stop fraud; policy intervention is necessary to dismantle criminal infrastructure effectively.
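
One way to implement the typosquatting domain monitoring mentioned above, for the two brands this article names. This is an added example, not code from Google, Cisco Talos or the original report; the allowlist entries, the `.example` sample domains and all function names are constructed assumptions.

```python
# Added example: triage newly observed domains for brand impersonation.
# Allowlist is illustrative; fill in the domains the brand actually owns.
BRANDS = {"usps": {"usps.com"}, "ezpass": {"e-zpassny.com"}}
DIGIT_SWAPS = str.maketrans("0135", "oles")  # digit-for-letter substitutions

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(domain):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(domain.split(".")[-2:])

def classify(domain):
    """Return sorted (brand, reason) findings; an empty list means no match."""
    domain = domain.lower().rstrip(".")
    findings = []
    for brand, official in BRANDS.items():
        if registrable(domain) in official:
            continue  # genuine brand property, subdomains included
        tokens = set()
        for label in domain.split("."):
            tokens.add(label.replace("-", ""))  # "e-zpass" -> "ezpass"
            tokens.update(label.split("-"))     # "usps-parcel" -> "usps", "parcel"
        reasons = set()
        for tok in tokens:
            if brand in tok:
                reasons.add("brand-in-label")
            elif brand in tok.translate(DIGIT_SWAPS):
                reasons.add("digit-swap")
            elif len(tok) >= len(brand) and edit_distance(tok, brand) == 1:
                reasons.add("one-edit-lookalike")  # short brands will false-positive
        findings.extend((brand, r) for r in sorted(reasons))
    return findings

def triage(domains):
    """Map each flagged domain to its findings, dropping clean ones."""
    return {d: f for d in domains if (f := classify(d))}

# Constructed sample feed (reserved .example TLD), as might come from CT logs or DNS telemetry.
SAMPLE = ["tools.usps.com", "usps.com-track.example", "e-zpass-tollpay.example",
          "u5ps-parcel.example", "ezpaas.example", "weather.example"]
```

The output is a review queue rather than a blocklist: a brand string placed in a subdomain of an unrelated registrable domain is flagged exactly like a hyphenated lookalike, and an analyst decides what to act on.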

The case also signals that the lines between national cybersecurity and consumer protection are increasingly blurred. With financial losses mounting, governments and corporations must collaborate globally to address both technical and legal aspects of phishing-as-a-service operations. Lighthouse is a cautionary tale for the tech community, emphasizing the need for vigilance, adaptive defenses, and continuous monitoring of emerging threat models.

🔍 Fact Checker Results

✅ Lighthouse PhaaS is confirmed to have targeted over 1 million victims globally.
✅ Smishing campaigns using USPS and E-ZPass impersonation have stolen millions of payment cards in the U.S.
❌ There is no evidence that Lighthouse operates outside the PhaaS model; it does not directly commit fraud but facilitates it.

📊 Prediction

Expect the emergence of more PhaaS platforms with similar subscription models, potentially targeting additional sectors like healthcare and finance. AI-driven detection and legislative action may reduce successful scams over the next 12–18 months, but attackers will continue to look for ways around traditional defenses.

References:

Reported By: www.bleepingcomputer.com