"The complaint describes Lighthouse as part of a "relentless phishing campaign" that has impacted more than a million people and potentially compromised between 12.7 million and 115 million credit cards in the U.S. alone during just one text scam operation. In one 20-day period, Google estimates that Lighthouse was used to create 200,000 fraudulent websites and attacked more than 1 million potential victims in at least 121 countries, per the filing."
"Lighthouse is marketed as a plug-and-play platform for phishing scams - a "phishing for dummies" kit, as the lawsuit puts it. Users subscribe via Telegram, where a self-service bot lets them pay for access to the software on a "weekly, monthly, seasonal, annual, or permanent" basis, per the complaint. From there, they choose from over 600 spoof templates mimicking more than 400 entities, including the U.S. Postal Service, New York City's government, Apple, banks and toll agencies."
Google filed a civil suit in the Southern District of New York seeking to dismantle the group behind Lighthouse, a phishing-as-a-service operation. Lighthouse sells plug-and-play phishing software via a Telegram self-service bot with subscriptions ranging from weekly to permanent and offers more than 600 spoof templates mimicking over 400 entities. The platform enabled creation of roughly 200,000 fraudulent websites in a 20-day span and attacked over one million potential victims across at least 121 countries. One text scam operation potentially compromised between 12.7 million and 115 million U.S. credit cards. Lighthouse uses SMS prompts like toll or delivery notices and captures payment data without victims clicking submit.
Read at Axios
Unable to calculate read time
Collection
[
|
...
]