“The scam begins with a text message,” the document reads. “It may alert you to a problem with the delivery of a package and invite you to click a link to correct your address and pay a small delivery fee.
“Or it may warn you of an unpaid toll or ticket, directing you to a toll collection website that appears legitimate to pay the outstanding charges.”
Beware One-Time Code Messages
“So they would send you a one-time code to confirm the transaction,” Lapienyte said. “In fact, what they are doing by sending you that code, they are linking the card numbers that you entered to their phones.”
Phishing attacks, which as far back as the 1990s used emails to scam unsuspecting victims, evolved into smishing attacks, which use text, or SMS, messages.
Google’s lawsuit said the Chinese group used phishing-as-a-service software called “Lighthouse” and set up about 200,000 bogus websites over a 20-day period to trick people in the United States.
The Lighthouse smishers posed as representatives from Google, the U.S. Postal Service, or toll-collection system E-ZPass, all of whom are known to send genuine SMS messages in certain circumstances.
Google has requested an unspecified amount of monetary damages from the Chinese scammers, but in reality, according to Lapienyte, it knows that it will never recover any money.
“Google is trying to shine some light on this and attract attention,” Lapienyte said. “And also pushing a few bipartisan bills to find a way to better protect citizens from such scams, where it’s nearly impossible to recover funds.”
Three bills are currently before Congress aimed at addressing phishing and smishing scams. These are the Guarding Unprotected Aging Retirees from Deception Act, the Foreign Robocall Elimination Act, and the Scam Compound Accountability and Mobilization Act.
‘Legal Saber-Rattling’
Andy Jenkinson, fellow at the Cyber Theory Institute and author of the book “Stuxnet to Sunburst: 20 Years of Digital Exploitation and Cyber Warfare,” called the lawsuit “legal saber-rattling designed to project strength rather than achieve anything meaningful.”
“It is a PR stunt with no practical outcome,” Jenkinson said.
The Lighthouse scammers will inevitably reorganize, regroup, and pop up somewhere else, Lapienyte said.
“You might report one website, but then another, similar one pops up, maybe having a slightly different domain. So it’s really tough for law enforcement to fight this,” she said.
Jenkinson said most of the fraudulent sites typically run on mainstream internet infrastructure.
“The hosting, certificates, and back-end services come from major providers—often U.S. companies. Big Tech is enabling cybercrime, knowingly or unknowingly,” Jenkinson said.
“Google’s high-profile lawsuit is emblematic of a deeper truth: Cybercriminals are evolving faster than Big Tech can react, and headline-grabbing legal actions make little difference on the ground.”
Lapienyte said Lighthouse was one of a number of groups that together are known as the “Smishing Triad.”
Cyber intelligence firm Silent Push said that on March 18, the developer of the Lighthouse software launched a Telegram channel to publicize it and offer it to scammers.
“Based on this data, we believe the actual number of messages sent may be significantly higher than the current public estimates of 100,000 SMS messages sent per day.”
Google said it was seeking an injunction to disrupt the criminal enterprise behind the Lighthouse scheme.
Google Strategy ‘Clever’
Google’s strategy was “clever,” Lapienyte said, noting that the eventual aim could be to target Alibaba and Tencent, the Chinese companies that she said hosted the majority of the scammers’ fake websites.
She said that if a federal judge in the U.S. District Court for the Southern District of New York rules that U.S. businesses and individuals have been harmed, Google could then go to Alibaba, Tencent, and other hosting providers in China and take legal action against them for being “instrumental” in enabling a cybercrime operation.
Jenkinson disagrees.
“[It is] a textbook case of psychological projection—blaming others to mask their own weaknesses,” he said.
“Google are unequivocally enabling phishing,” Jenkinson said, highlighting technical inconsistencies and failures to meet core compliance standards, such as Cybersecurity Maturity Model Certification.
The Epoch Times has reached out to Google, Alibaba, and Tencent, but had not received a response by publication time.







