Google has filed a major lawsuit targeting a cybercriminal group accused of orchestrating one of the most widespread text-based phishing schemes in the United States. The group, which Google says is largely based in China, allegedly sent millions of fraudulent E-ZPass and USPS text alerts designed to steal personal and financial information from unsuspecting users.

The operation relied on “smishing,” a phishing method delivered through SMS messages that mimic legitimate institutions. Victims received texts claiming overdue toll payments, missed package deliveries or urgent account warnings. Each message redirected users to convincing replicas of official websites, prompting them to enter sensitive data that the attackers then harvested.

Google’s legal complaint alleges the group operated an extensive network of malicious domains, many of which impersonated trusted US services. The company said its internal security teams have been tracking the campaign for months, linking dozens of phishing pages, redirect URLs and backend servers to the same organised criminal infrastructure.

The lawsuit marks one of Google’s most aggressive moves yet to combat international cybercrime, and comes amid a sharp rise in toll-related and postal-service scam messages across the US. State transportation agencies and the USPS have issued repeated public warnings this year acknowledging that the fraudulent alerts were overwhelming customer hotlines and creating widespread confusion.

Cybersecurity researchers say the sophistication of this particular campaign reflects a growing shift from email-based phishing to SMS-based attacks, which are harder for users to verify and more likely to trigger quick responses. Many of the phishing domains involved were short-lived, registered under foreign operators and designed to evade automated detection tools.

Google is seeking a permanent injunction to dismantle the group’s digital infrastructure and block further domain registrations tied to the network. The company says the lawsuit is part of a broader strategy to put legal pressure on cybercriminals who exploit US consumers while operating outside American jurisdiction.

The case also highlights a deeper challenge for policymakers and tech companies, as scam networks become more decentralised, cross-border and reliant on cheap digital tools that enable large-scale fraud. The E-ZPass and USPS smishing campaigns are now considered among the most pervasive consumer scams of the year, affecting users across nearly every US state.

Google says it will continue issuing takedowns and collaborating with global authorities, but warns that smishing operations are evolving quickly, requiring constant surveillance and faster disruption.