What is Lighthouse and why is it significant?

Lighthouse is a sophisticated phishing kit that makes it simple for even novices to steal payment card data from mobile users. It's one of several prolific phishing-as-a-service operations, responsible for millions of text messages sent globally.

What is the basic scam associated with Lighthouse?

The basic scam involves visitors entering their payment information on a phishing site, which then attempts to enroll the card as a mobile wallet from Apple or Google. The visitor is told that their bank will verify the transaction by sending a one-time code.

Why did Google file this lawsuit?

Google filed this lawsuit because the purveyors of Lighthouse allegedly violated the company's trademarks by including Google's logos on countless phishing websites.

Google Sues Over 25 Individuals for Peddling Lighthouse Phishing Kit

Q: What trend in cybercrime does Adam Issa, Senior Threat Intelligence Consultant at NCC Group, highlight?

Adam Issa highlights the trend of AI being increasingly used to support criminal activity, a shift observed in 2026.

Google alleges that these individuals violated company's trademarks by using Google logos on phishing websites, part of the Smishing Triad responsible for over a million victims across 120 countries.

Google has filed a lawsuit against more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google. The lawsuit, filed in the Southern District of New York on November 12, targets 25 "John Doe" defendants allegedly linked to the sale of Lighthouse, a sophisticated phishing kit that makes it simple for even novices to steal payment card data from mobile users.

Background and Context

Lighthouse is one of several prolific phishing-as-a-service operations known as the "Smishing Triad," and collectively they are responsible for sending millions of text messages that spoof the U.S. Postal Service to supposedly collect some outstanding delivery fee, or that pretend to be a local toll road operator warning of a delinquent toll fee. More recently, Lighthouse has been used to spoof e-commerce websites, financial institutions, and brokerage firms.

According to Google, the basic scam remains the same: after the visitor enters their payment information, the phishing site will automatically attempt to enroll the card as a mobile wallet from Apple or Google. The phishing site then tells the visitor that their bank is going to verify the transaction by sending a one-time code that needs to be entered into the payment page before the transaction can be completed.

Why it Matters to the Industry

The scale of the Lighthouse phishing attacks is staggering, with over a million victims across 120 countries. Google's lawsuit alleges that the purveyors of Lighthouse violated the company's trademarks by including Google's logos on countless phishing websites. The complaint says Lighthouse offers over 600 templates for phishing websites of more than 400 entities, and that Google's logos were featured on at least a quarter of those templates.

Adam Issa, Senior Threat Intelligence Consultant at NCC Group, notes that the case reflects a broader shift in cybercrime towards the use of artificial intelligence tools. "The AI-ification of cybercrime is one of the key trends observed in 2026, with AI, including legitimate tools and platforms, increasingly used to support criminal activity," Issa said.

Issa also highlights that the main risk for most organizations is not direct network intrusion by Outsider itself, but the wider fallout from stolen credentials and fraud. "For most organizations, the main risk is not direct network intrusion from Outsider itself, but credential theft, payment fraud, customer harm, increased helpdesk workload, brand damage, and downstream account takeover," Issa said.

What Comes Next

Google's lawsuit alleges that Lighthouse operates as a criminal enterprise built on impersonating trusted brands to defraud large numbers of victims. Brett Leatherman, Assistant Director of the FBI's Cyber Division, notes that the use of artificial intelligence has made such schemes harder to detect.

Ford Merrill, who works in security research at SecAlliance, believes that Google's legal action may temporarily disrupt the Lighthouse operators and could make it easier for U.S. federal authorities to bring criminal charges against the group. However, he notes that the Chinese mobile phishing market is so lucrative right now that it's difficult to imagine a popular phishing service voluntarily turning out the lights.

Key Facts

Google has filed a lawsuit against more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service called Lighthouse.
Lighthouse is one of several prolific phishing-as-a-service operations known as the "Smishing Triad," responsible for sending millions of text messages that spoof trusted brands.
The basic scam involves phished payment card data being converted into mobile wallets from Apple and Google.
Google's lawsuit alleges that Lighthouse offers over 600 templates for phishing websites of more than 400 entities, with Google's logos featured on at least a quarter of those templates.
The scale of the Lighthouse phishing attacks is staggering, with over a million victims across 120 countries.