Google sues China-based hackers over massive text-phishing scams

Google is filing a federal lawsuit against a network of foreign cybercriminals based in China that is accused of launching massive text-message phishing attacks, the tech giant told CBS News in an exclusive interview.

Google said the messages are part of a criminal network called “Lighthouse.” The texts look legitimate, often warning recipients of a “stuck package” or an “unpaid toll,” but they’re actually phishing or what’s called smishing — a type of phishing scam that uses text messages to try to trick recipients into revealing personal and sensitive information, such as passwords and credit card numbers, which are then stolen.

“These scammers ended up compromising anywhere from 15 [million] to 100 million potential credit cards within the U.S. and impacted, at our current estimates, over a million victims,” Google’s general counsel, Halimah DeLaine Prado, told CBS News.

DeLaine Prado said Google has filed what it calls a first-of-its-kind lawsuit under the RICO Act, which is typically used to take down organized crime rings.

The case targets unknown operators — listed as John Does 1 through 25 — who allegedly built a “phishing-as-a-service” platform to power mass text attacks.

DeLaine Prado said the lawsuit is not meant specifically to help victims recover any losses, but rather to serve as a “deterrent for future criminals to create similar enterprises.”

Google said it found more than 100 fake sites using its logo to trick people into handing over passwords or credit card numbers. According to its complaint, it estimates the group has stolen sensitive information linked to tens of millions of credit cards in the U.S. alone.

Kevin Gosschalk, the CEO of cybersecurity firm Arkose Labs, said that while recovering lost money is a challenge, lawsuits like Google’s could help disrupt scammers’ operations.

“It has an impact on the ecosystem,” Gosschalk told CBS News. He said that if there are three major players and you go after the big one and take it down, “then the other two start second-guessing, ‘Hey, should we be in this business, or should we get out of this business?’”

Google’s move appears aimed as much at setting a legal precedent as at seeking punishment — testing whether a 1970s racketeering law can be applied to a 21st-century digital crime.

Gosschalk said it will be very hard for Google to go after cybercriminals overseas since a lot of them also operate in countries like Cambodia, where there are limited extradition laws.

“But it does mean the individuals behind those things will not be able to travel to the U.S. in the future, so it does add extra risk,” Gosschalk said.

Users can avoid text scams by not clicking links or replying to unknown messages. On an iPhone, users can turn on “Filter Unknown Senders” and “Filter Junk.” On Android, enable Spam Protection and forward scam texts to 7726 (SPAM). 

Note that those filters can also catch legitimate messages from numbers that are not in the phone’s contact list, so be sure to check the unknown senders or spam folder once in a while. 

Disclaimer : This story is auto aggregated by a computer programme and has not been created or edited by DOWNTHENEWS. Publisher: cbsnews.com