Google Sues Foreign Cybercriminal Group Behind Large-Scale E‑ZPass and USPS Smishing Campaigns

Google announced on Wednesday that it has filed a civil lawsuit in a U.S. federal court against a foreign cybercriminal organization alleged to have orchestrated a widespread SMS phishing, or “smishing,” campaign targeting users of the E‑ZPass toll system and the United States Postal Service’s text messaging service. The lawsuit seeks damages for trademark infringement, false advertising, and violations of the Computer Fraud and Abuse Act.

The group, which security researchers have informally labeled the “Smishing Triad,” is accused of sending millions of fraudulent text messages that appeared to come from official E‑ZPass and USPS sources. Recipients were directed to click malicious links or provide personal information, leading to unauthorized charges, identity theft, and the compromise of mobile devices. According to Google’s filing, the operation generated significant financial losses for both consumers and the affected companies.

Experts note that smishing attacks have risen sharply in recent years, driven by the ubiquity of mobile phones and the relative ease of spoofing sender IDs. Industry analysts estimate that global smishing fraud accounts for billions of dollars in losses annually. In response, technology firms and financial institutions have bolstered verification protocols, such as two‑factor authentication and stricter message filtering, but attackers continue to adapt their tactics.

Google’s legal action follows a series of coordinated efforts by law‑enforcement agencies and private sector partners to dismantle the network behind the scams. Officials from the Department of Justice, while not naming the specific defendants, indicated that similar prosecutions have resulted in arrests and the seizure of illicit revenue streams. The lawsuit also aims to obtain injunctions that would prevent the group from using Google’s trademarks and services in future fraudulent schemes.

Observers suggest that the case could set a precedent for how major technology companies pursue civil remedies against transnational cybercrime groups. If successful, the ruling may provide a template for securing compensation for victims and deterring future smishing operations. The litigation is expected to proceed through the federal court system over the coming months, with both parties likely to engage in extensive discovery and possible settlement discussions.