Google has taken aim at online scammers, filing a lawsuit in the U.S. District Court for the Southern District of New York against what it alleges is a sprawling China-based criminal organization known as “Lighthouse,” which provides software and support to fraudsters.
The Lighthouse scamming ring is a large-scale, organized cybercrime operation alleged to operate globally. Lighthouse’s phishing toolkit reportedly enables large-scale SMS, RCS, and iMessage campaigns, providing customers with ready-made templates for mass fraud.
While the defendants’ full identities and locations remain unknown, the operation illustrates the increasing sophistication of cybercrime in 2025, blending automation, social engineering, and global distribution. Legal proceedings are ongoing, and the final outcomes, including convictions or restitution, are yet to be determined.
READ: Google adds Gemini AI to Chrome following antitrust court win (
The lawsuit alleges that the Lighthouse network runs a “Phishing-as-a-Service” operation, selling a software kit that offers hundreds of fake website templates to would-be scammers. Google’s suit says nearly 200 of them have mimicked U.S.-based sites, including New York City’s official website, the post office and the West Virginia DMV.
Phishing-as-a-Service (PhaaS) is a criminal model where cybercriminals provide tools, templates, and infrastructure to others so they can launch phishing attacks without technical expertise. Subscribers get access to pre-made fake websites, email or SMS templates, and automated systems to steal login credentials, banking information, or personal data.
Some PhaaS platforms offer support, updates to bypass security filters, and profit-sharing or subscription models. By industrializing phishing, PhaaS lowers the barrier to entry, enabling large-scale, organized scams that can target millions of victims globally.
The Lighthouse network has targeted victims in more than 120 countries, swindling millions of dollars from victims each year, the suit alleges. Screenshots included in the complaint show that the network apparently misused several other well-known logos, including those of payment, credit card and social media companies.
Google doesn’t know the actual identities of the people it’s trying to sue. The suit refers to the defendants as “Does 1-25” — as in John or Jane Doe, rather than names, the court filing contains only handles that some of those individuals have used on the encrypted messaging app Telegram to do business.
Google can file a lawsuit without named defendants by using “John Doe” placeholders, a common legal strategy when the actual perpetrators are unknown. This allows the case to proceed while investigators attempt to uncover the identities of the alleged criminals.
Through the discovery process, Google can request records from third parties such as domain registrars, hosting providers, and messaging platforms to trace IP addresses, account activity, and other evidence that may reveal who is behind the Lighthouse operation.
Courts allow this approach if the plaintiff shows that the unknown defendants caused harm and their identities are likely discoverable. In cybercrime cases like phishing-as-a-service, where operators often use pseudonyms, encrypted communications, and offshore infrastructure, John Doe designations enable legal action to begin without waiting to identify the perpetrators, helping disrupt the criminal operation more quickly.
Halimah DeLaine Prado, Google’s general counsel, said over 100 of the templates to make fake websites have included the company’s logos in places where people were directed to sign in or make payments, creating the illusion of legitimacy. “We are a global company. This hits all of our users,” she said. “We’re concerned about the damage to user trust and not knowing what websites are safe.”
READ: Google rolls out Gemini 2.5 Pro, their ‘most intelligent AI model’ yet (
DeLaine Prado declined to put a dollar figure on the damage to Google, saying it was “a bit immeasurable,” but noted a stark example of what Google believes to be the reach of the organization.
Lighthouse’s operations include fake websites, email and SMS campaigns, and automated systems that impersonate trusted organizations, including U.S.-based entities like the Postal Service, New York City government, and the DMV, as well as banks, payment platforms, and social media companies. Lighthouse has allegedly targeted victims in over 120 countries, swindling millions of dollars annually, and uses stolen logos and branding to create an appearance of legitimacy.
The scale and automation of the network—tens of thousands of fraudulent websites and campaigns—demonstrate the industrialization of phishing, enabling organized criminals to reach millions efficiently. Legal actions, such as Google’s 2025 lawsuit, aim to disrupt Lighthouse, though many operators’ true identities remain unknown.