Nov. 12 (UPI) — Google has filed a lawsuit against a cybercriminal group based in China that it said sends out fraudulent text messages to steal people’s identities and credit cards.
The organization operates a phishing-as-a-service platform called Lighthouse that makes it easy to set up websites that steal people’s information after a text message directs them to the site. The messages often tell recipients they have information on a blocked package or an unpaid road toll.
“Smishing” is like phishing but uses SMS or text messages instead of emails.
Researchers have called the group the Smishing Triad, and it has more than a million victims in 120 countries, Google said in a press release. It has stolen between 12.7 million and 115 million credit cards in the U.S. alone.
“They were preying on users’ trust in reputable brands such as E-ZPass, the U.S. Postal Service, and even us as Google,” Google general counsel Halimah DeLaine Prado told CNBC. “The ‘Lighthouse’ enterprise or software creates a bunch of templates in which you create fake websites to pull users’ information.”
The suit is designed to dismantle the core infrastructure of this operation, Google said. The claim was filed under the Racketeer Influenced and Corrupt Organizations Act, the Lanham Act, and the Computer Fraud and Abuse Act.
“The idea is to prevent its continued proliferation, deter others from doing something similarly, as well as protect both the users and brands that were misused in these websites from future harm,” DeLaine Prado said.
While recovering money is difficult, lawsuits could help disrupt scammers’ operations, Kevin Gosschalk, CEO Arkose Labs, told CBS News.
“It has an impact on the ecosystem,” Gosschalk said. He said that if there are three major groups and you take down the big one, “then the other two start second-guessing, ‘Hey, should we be in this business, or should we get out of this business?'”
Google said internal and third-party investigations found more than 2,500 members of the group speaking on a Telegram channel to recruit members, share advice and maintain the software, DeLaine Prado told CNBC. She said the group was divided into smaller groups in charge of data brokering, spamming and theft.
“While the lawsuit is one potential vector in which we can disrupt it, we also think that this type of cyber activity requires a policy-based approach,” DeLaine Prado said.
Google is working with legislators to enact laws that will help protect against scammers. Some legislation that Google is endorsing include: Guarding Unprotected Aging Retirees from Deception Act, which would provide funds for local law enforcement to investigate scams against retirees; Foreign Robocall Elimination Act, which would create a task force to block foreign-originated illegal robocalls; and the Scam Compound Accountability and Mobilization Act, which would create a strategy to fight scam compounds.
COMMENTS
Please let us know if you're having issues with commenting.