PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.
Don’t miss out on our latest stories. Add PCMag as a preferred source on Google.
Google has sued a Chinese group allegedly behind a wave of scam SMS messages that impersonate E-ZPass and USPS to trick consumers into handing over their credit card details. 
Google seeks to dismantle the “massive Phishing-as-a-Service operation,” which it says has targeted millions of Americans and stolen up to 115 million credit card numbers in the US alone. 
The scam pops up as SMS texts that claim the user has a “stuck package” at the US Postal Service or an “unpaid road toll” through E-ZPass, the electronic toll collection system. Clicking on the link within the SMS will take the user to a malicious website designed to collect any information that’s typed in. The culprits are sending an estimated 100,000+ SMS messages per day. 
Google’s lawsuit alleges that 25 unnamed individuals have been operating the SMS phishing service, according to Wired. The phishing operation works through a scamming software, called “Lighthouse,” which is rented out to other cybercriminals through a subscription service. 
The Lighthouse software offers over 600 phishing templates, meaning it can create SMS phishing attacks impersonating a wide variety of brands, including Google. “We found at least 107 website templates featuring Google’s branding on sign-in screens specifically designed to trick people into believing the sites are legitimate,” the company wrote in a blog post. 
Google is asking the court to impose permanent injunctions on the 25 individuals, though it doesn’t actually know their identities. Even so, the lawsuit’s goal is to give Google the legal power to shut down Lighthouse-related operations across third-party providers.  
“It allows us a legal basis on which to go to other platforms and services and ask for their assistance in taking down different components of this particular illegal infrastructure,” Halimah DeLaine Prado, Google’s general counsel, told NPR. (The company’s lawsuit notes that some Lighthouse operators have been using the messaging app Telegram.)
Still, Google’s lawsuit only targets one scam operation, a band-aid on the threat of online fraud, which continues to plague consumers. The Lighthouse operation will almost certainly adapt. 
As a result, Google is backing three proposed US bills that promise to help better crack down on such scams. They focus on funding local law enforcement to investigate financial fraud targeting retirees, creating a task force focused on blocking illegal foreign robocalls, and developing a national strategy to crack down on compounds dedicated to fueling online scams.
In the meantime, if you get one of these scam texts, delete them and never click any links.
Read Our Editorial Mission Statement and Testing Methodologies.
PCMag.com is a leading authority on technology, delivering lab-based, independent reviews of the latest products and services. Our expert industry analysis and practical solutions help you make better buying decisions and get more from technology.
For over 40 years, PCMag has been a trusted authority on technology, delivering independent, labs-based reviews of the latest products and services. With expert analysis and practical solutions across consumer electronics, software, security, and more, PCMag helps consumers make informed buying decisions and get the most from their tech. From in-depth reviews to the latest news and how-to guides, PCMag is the go-to source for staying ahead in the digital world.

source