Google has initiated legal action against scammers who orchestrated a large-scale phishing operation involving fraudulent toll-fee websites and applications. The scheme reportedly victimized more than one million individuals through a network of approximately 17,500 fake domains and apps designed to steal sensitive personal and financial information.

The lawsuit, filed in New York, targets developers based in India who are accused of creating these deceptive platforms. The fraudulent sites and apps impersonated India’s official FASTag toll payment system and other legitimate e-wallet services, misleading users into providing their credentials.

Anatomy of the Toll-Fee Phishing Scam

The core of the operation involved creating thousands of websites and applications that mimicked authentic payment services. Scammers used Google Ads to promote these fraudulent platforms, ensuring they appeared prominently in search results for keywords related to toll payments. When users clicked on these ads, they were redirected to phishing sites controlled by the perpetrators.

On these sites, victims were prompted to enter a range of sensitive data. This included bank account information, credit and debit card numbers, PINs, and government-issued identification numbers. The collected information was then used for fraudulent purposes, leading to financial losses for the victims.

Google’s Enforcement and Legal Action

In response to the widespread fraud, Google has taken direct action. The company’s legal filing aims to disrupt the scam’s infrastructure and hold the individuals responsible accountable. The lawsuit seeks to disable the network of fraudulent websites and obtain damages from the defendants for their activities.

Alongside the legal proceedings, Google’s internal teams worked to identify and remove the malicious advertisements from its platform. The company has also taken steps to warn users about such scams and has implemented measures to detect and block similar fraudulent domains and applications in the future.