1 million victims, 17,500 fake sites: Google takes on toll-fee scammers

A Phishing-as-a-Service (PhaaS) platform based in China, known as “Lighthouse,” is the subject of a new Google lawsuit.

Lighthouse enables smishing (SMS phishing) campaigns, and if you’re in the US there is a good chance you’ve seen their texts about a small amount you supposedly owe in toll fees. Here’s an example of a toll-fee scam text:

[Image: example of a toll-fee scam text]

Google’s lawsuit brings claims against the Lighthouse platform under federal racketeering and fraud statutes, including the Racketeer Influenced and Corrupt Organizations Act (RICO), the Lanham Act, and the Computer Fraud and Abuse Act.

The texts lure targets to websites that impersonate toll authorities or other trusted organizations. The goal is to steal personal information and credit card numbers for use in further financial fraud.

As we reported in October 2025, Project Red Hook launched to combine the power of the US Homeland Security Investigations (HSI), law enforcement partners, and businesses to raise awareness of how Chinese organized crime groups use gift cards to launder money.

These toll, postage, and refund scams might look different on the surface, but they all feed the same machine, each one crafted to look like an urgent government or service message demanding a small fee. Together, they form an industrialized text-scam ecosystem that’s earned Chinese crime groups more than $1 billion in just three years.

Google says Lighthouse alone affected more than 1 million victims across 120 countries. A September report by Netcraft discussed two phishing campaigns believed to be associated with Lighthouse and “Lucid,” a very similar PhaaS platform. Since identifying these campaigns, Netcraft has detected more than 17,500 phishing domains targeting 316 brands from 74 countries.

As grounds for the lawsuit, Google says it found at least 107 phishing website templates that feature its own branding to boost credibility. But a lawsuit can only go so far, and Google says robust public policy is needed to address the broader threat of scams:

“We are collaborating with policymakers and are today announcing our endorsement of key bipartisan bills in the U.S. Congress.”

Will lawsuits, disruptions, and even bills make toll-fee scams go away? Not very likely. The only thing that will really help is if their source of income dries up because people stop falling for smishing. Education is the biggest lever.

Red flags in smishing messages

There are some tell-tale signs in these scams to look for:

  1. Spelling and grammar mistakes: the scammers seem to have problems with formatting dates. For example “September 10nd”, “9st” (instead of 9th or 1st).
  2. Urgency: you only have one or two days to pay. Or else…
  3. The over-the-top threats: Real agencies won’t say your “credit score will be affected” for an unpaid traffic violation.
  4. Made-up legal codes: “Ohio Administrative Code 15C-16.003” doesn’t match any real Ohio BMV administrative codes. When a code looks fake, it probably is!
  5. Sketchy payment link: Truly trusted organizations don’t send urgent “pay now or else” links by text.
  6. Vague or missing personalization: Genuine government agencies tend to use your legal name, not a generic scare message sent to many people at the same time.
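
For teams that triage reported texts, several of these red flags can be checked automatically. The sketch below is an added example, not code from Google, Netcraft, or Malwarebytes; the phrase lists, flag names, and sample messages are assumptions constructed for illustration.

```python
import re

# Constructed sample messages (illustrative, not real scam texts).
SAMPLE_SCAM = (
    "Ohio BMV Final Notice: pay your outstanding toll by September 10nd. "
    "Under Ohio Administrative Code 15C-16.003 your credit score will be "
    "affected. Pay now: https://example.test/pay"
)
SAMPLE_BENIGN = "Hi Sam, your dentist appointment is on March 3rd at 10am."

# Assumed phrase lists; tune them against your own reported-message corpus.
ORDINAL = re.compile(r"\b(\d{1,2})(st|nd|rd|th)\b", re.IGNORECASE)
URL = re.compile(r"https?://\S+|\bwww\.\S+", re.IGNORECASE)
URGENCY = re.compile(
    r"\b(final notice|immediately|pay now|last chance|within \d+ (?:hours?|days?))\b",
    re.IGNORECASE)
THREAT = re.compile(r"\b(credit score|prosecut\w*|suspen\w+|legal action)\b",
                    re.IGNORECASE)
LEGAL_CODE = re.compile(r"\b(?:administrative|revised|penal) code \S+", re.IGNORECASE)


def correct_suffix(n: int) -> str:
    """Return the correct English ordinal suffix for n (11-13 take 'th')."""
    if 11 <= n % 100 <= 13:
        return "th"
    return {1: "st", 2: "nd", 3: "rd"}.get(n % 10, "th")


def bad_ordinals(text: str) -> list[str]:
    """Find ordinals such as '10nd' or '9st' whose suffix does not fit the number."""
    return [m.group(0) for m in ORDINAL.finditer(text)
            if m.group(2).lower() != correct_suffix(int(m.group(1)))]


def red_flags(text: str) -> list[str]:
    """Return the names of the red flags found in text, in a fixed order."""
    flags = []
    if bad_ordinals(text):
        flags.append("malformed_date")
    if URGENCY.search(text):
        flags.append("urgency")
    if THREAT.search(text):
        flags.append("threat")
    if LEGAL_CODE.search(text):
        # A cited code cannot be validated here; it is flagged for a manual lookup.
        flags.append("cites_legal_code")
    if URL.search(text):
        flags.append("payment_link")
    return flags
```

A message that trips several flags at once is a strong candidate for review; a single flag on its own, such as a link, is common in legitimate texts too.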

Be alert to scams

Recognizing scams is the most important part of protecting yourself, so always consider these golden rules:

  • Always search phone numbers and email addresses to look for associations with known scams.
  • When in doubt, go directly to the website of the organization that contacted you to see if there are any messages for you.
  • Do not get rushed into decisions without thinking them through.
  • Do not click on links in unsolicited text messages.
  • Do not reply, even if the text message explicitly tells you to do so.

If you have engaged with the scammers’ website:

  • Immediately change your passwords for any accounts that may have been compromised. 
  • Contact your bank or financial institution to report the incident and take any necessary steps to protect your accounts, such as freezing them or monitoring for suspicious activity. 
  • Consider a fraud alert or credit freeze. To start layering protection, you might want to place a fraud alert or credit freeze on your credit file with all three of the primary credit bureaus. This makes it harder for fraudsters to open new accounts in your name.
  • US citizens can report confirmed cases of identity theft to the FTC at identitytheft.gov.

Pro tip: You can upload suspicious messages of any kind to Malwarebytes Scam Guard. It will tell you whether it’s likely to be a scam and advise you what to do.

