Karandeep Singh Oberoi is a Durham College Journalism and Mass Media graduate who joined the Android Police team in April 2024, after serving as a full-time News Writer at Canadian publication MobileSyrup.
Prior to joining Android Police, Oberoi worked on feature stories, reviews, evergreen articles, and focused on 'how-to' resources.
Additionally, he informed readers about the latest deals and discounts with quick hit pieces and buyer's guides for all occasions.
Oberoi lives in Toronto, Canada. When not working on a new story, he likes to hit the gym, play soccer (although he keeps calling it football for some reason🤔) and try out new restaurants in the Greater Toronto Area.
I'm getting tired of those "USPS package can't be delivered" and "unpaid toll" scam messages, and at this point, Google seems to have had enough too.
These messages aren't just spam and scam messages that someone's throwing out there — they're part of a sophisticated global scam "that has swindled victims out of millions of dollars." At least that's what Google claims in its latest legal action.
The Mountain View, California-based tech giant announced that it was filing litigation to target and dismantle 'Lighthouse,' a Phishing-as-a-Service operation that facilitates smishing (SMS phishing) campaigns. It is filing claims under the Racketeer Influenced and Corrupt Organizations Act, the Lanham Act, and the Computer Fraud and Abuse Act to shut Lighthouse down.
As explained, Lighthouse is a kit that helps threat actors generate and deploy large-scale phishing attacks once they gather stolen financial and personal information from exploited brands like E-Z Pass.
"The scam is simple: criminals send a text message, prompting recipients to click a link and share information such as email credentials, banking information and more," explained the tech giant. However, that's not what's prompting Google to take legal action — It's what said threat actors display on said links.
The scope of Lighthouse is immense
Credit: Source: PixabayAccording to the tech giant, it found at least 107 fraudulent websites meant to phish for information, each featuring Google's branding on sign-in screens. Such branding is normally put in place to trick people into trusting fraudulent websites. The scope of the scam is immense. Lighthouse has reportedly harmed over 1 million victims across 120+ countries, stealing between 12.7 million and 115 million credit cards in the US alone.
This represents a five-fold increase in these types of attacks since 2020.
Elsewhere, the tech giant knows that while legal action can help curb Lighthouse's influence, similar threats will persist. That's precisely why, in collaboration with policymakers, it is also endorsing key bipartisan bills in the US Congress. These are:
- Guarding Unprotected Aging Retirees from Deception (GUARD) Act sponsored by Sens. Britt (AL), Scott (FL), Gillibrand (NY) and Reps. Nunn (IA-03), Fitzgerald (WI-05), and Gottheimer (NJ-05): This legislation would empower state and local law enforcement by enabling them to utilize federal grant funding to investigate financial fraud and scams specifically targeting retirees.
- Foreign Robocall Elimination Act sponsored by Sens. Budd (NC) and Welch (VT): This legislation would establish a taskforce focused on how to best block foreign-originated illegal robocalls before they ever reach American consumers.
- Scam Compound Accountability and Mobilization (SCAM) Act sponsored by Sens. Cornyn (TX) and Shaheen (NH): This legislation would develop a national strategy to counter scam compounds, enhance sanctions and support survivors of human trafficking within these compounds.
These come in addition to on-device measures that Google's already taking. Pixel's Scam Detection feature, which was previously limited to Google Messages, has now expanded to encompass alerts for third-party chat apps like WhatsApp, Signal, Twitter, and more. Elsewhere, Scam Detection for calls is also shedding its US exclusivity, expanding to the U.K., Ireland, India, Australia, and Canada. You can read more about Google's Scam Detection upgrades here.
