Internet Giant Takes on Fraudulent Text Message Scammers
The tech behemoth is taking legal action against rampant phishing attacks that are affecting millions of people worldwide. These scams involve fake toll notices, counterfeit online shopping deals, and fraudulent activities posing as financial services.
The company has targeted a group of cybercriminals in China who are selling 'phishing for beginners' kits. These kits assist amateur fraudsters in launching large-scale phishing scams. They deceive countless individuals into revealing sensitive personal information, such as passwords and banking details, by pretending to be reputable brands, government agencies, or even people known to the victims.
The Mechanics of the Scam
These kits, known as "Lighthouse" kits, come in two versions. The version depends on whether the criminals intent to launch text message and online shopping scams. They offer various subscription options, such as weekly, monthly, seasonal, annual, or permanent licenses. The kits contain hundreds of templates for fake websites and tools for setting up these counterfeit sites. They are designed to convince victims they are entering their sensitive information on a legitimate site.
The scams usually kick-off with a text message claiming that a toll fee is overdue or a small fee is required to redeliver a package. Sometimes, they appear as ads that lure victims by imitating well-known brands. Anyone who clicks on these will be redirected to a website where they can input their sensitive information. These sites often claim to accept payments from trusted online wallets.
A large criminal network then assembles the gathered information. Each scammer plays a specific role in this extensive scheme, which has already tricked over a million people in 121 countries. The Lighthouse schemes have led to losses of over a billion dollars.
Aiming to Stop the Scams
The tech giant is pursuing an injunction to halt these scams, stating that its customers are among the millions of innocent victims. The company also objects to the misuse of its trademark by the Lighthouse website templates to deceive users into thinking it’s safe to enter their credentials.
The company further claims that the Lighthouse enterprise is exploiting the public's trust in their brand. The company intends to recover damages if a court concurs that the criminal activities have damaged the company's reputation and earnings.
Scams Heavily Target Americans
The Lighthouse enterprise scheme heavily targets US victims by leveraging trusted institutions or well-known brands. The total damage remains unknown, but the company estimates that between 12.7 million and 115 million credit cards may have been compromised in the United States alone.
Once the scammers acquire a victim's credit card details, they often load the stolen cards into online wallets. They then use the 'tap-to-pay' feature to either buy gift cards in bulk or make payments directly to themselves. The scammers can also benefit from pump-and-dump schemes by artificially inflating the price of a particular stock before selling their original holdings.
Challenges in Blocking Scammers
Blocking scammers has proven difficult as Lighthouse can quickly inform users when a phishing domain has been flagged as suspicious. The scammers use the company's own transparency reporting against it, automatically querying the transparency report to check whether a phishing domain has been flagged as malicious. This gives the scammers time to switch domains and avoid detection.
Even robust security measures have failed to stop the scams, as Lighthouse is designed to deceive users into providing multi-factor authentication codes.
Unmasking the entire enterprise will be difficult, with the complaint only mentioning online aliases and naming a range of unidentified plaintiffs. However, to halt the criminal gang from continuing to offer phishing-as-a-service, the identities of all participants, including software developers, data brokers, spammers, thieves, and administrators, must be revealed.
Cracking Down on the Criminal Enterprise
The company has spent hundreds of hours investigating and remedying Lighthouse scams. It believes that a lawsuit could finally stop the notorious schemes from spreading. Otherwise, the company, along with countless others, will continue to suffer significant harm.
The damages are not stated in the complaint, which accuses the Lighthouse enterprise of committing wire fraud and violating various laws, including the Racketeer Influenced and Corrupt Organizations Act, the Lanham Act, and the Computer Fraud and Abuse Act.
If the company wins, the phishing scams may finally slow down, providing relief to individuals who often have to scrutinize their phones to determine if they ordered a package or forgot to pay a toll. The company has vowed to disrupt the criminal enterprise behind this scheme and stop its spread.