Google took three months to remove scam app that stole over $5M

She’s suing Google for the 5M she lost because “she believed Google was successfully preventing scam apps from becoming available on the Google Play store.” and not because it took them so long to take the scammer’s app down. If they’d done it within 5 minutes it wouldn’t have stopped her from losing her money.

I think Google should be held accountable for not removing a malicious app from their app store within a reasonable amount of time, but I’m less sure that Google should be on the hook for the money scammers take. Google can and should do a lot more to prevent malicious apps on their platform, and they should be required to respond quickly when the ones they failed to detect are reported to them, but a play store that only allowed/contained apps that Google was 100% confident could never be used to scam another person wouldn’t be very useful.

Considering she was depositing US dollars into the app for several months before she tried to withdraw and realized it was a fraud, I think that her stance is a bit more reasonable.

She used the app for 5-6 months, presumably with other people having been scammed repeatedly in the past and having reported the app. Then after she reported it to the CFPB (which is an independent government agency dedicated to preventing these types of scams and other abuses of customers), the CFPB spent 3 months of back and forth with Google before they were willing to take it down.

So the argument is that the app was up for several months with the US government directly reaching out to Google and pushing for them to take the app down for being a scam but they ignored that as long as they could and likely ignored plenty of other reports in the past.

At least personally I’d argue that’s gross negligence.

I’d say she should lose all of her money for being dumb enough to transfer it to an unverified app.

Then separately, Google should pay penalties to the CFPB for failing to act in a timely manner.

The defense for Apple and Google taking their 30% cut is usually about how they do vetting and take responsibility for their app store being legitimate.

That’s a bad argument to give someone hot coffee in lap money for, though.

Google and Apple operate monopolistic app stores with predatory fees.

This lady did something foolish.

Redressing the former by removing responsibility for the latter doesn’t make sense.

I’m all for fining Google over this, but the money shouldn’t go to the victim.

What level of financial protection does Google provide on apps in their store? Is there a GDIC clause I missed?

“It was in the store” seems an unreasonably low bar for personal responsibility.

I would think vetting apps means that the apps work for their intended purposes.

It was in the store seems a reasonably level bar for the app has been vetted to show it works for its intended purpose.

Because an app store will always be a bazaar. No one is doing full human code review on apps.

To pretend otherwise is insane. (Even by appealing to app store monopolies or fees, which are immaterial to due diligence responsibility here)

This wasn’t a case of the lady giving $5M to Google for fake crypto.

It was more like Google selling her a phone, then her dialing one of the preset numbers on that phone and getting scammed.

What do you mean by “unverified”? Who is supposed to do the verification and what do they check?

As far as customers are concerned, Google verified that the app does what it says it does. If that were the case and she just lost money from bad crypto investments, that would be a complete non-story. However, that is not at all the case.

What is a verified app? It’s on the app store, these corps punch balls continuously about having a grip on their stores for safety reasons, but then when there is no safety people are dumb and the apps are not verified on their app stores?

Due diligence.

Nobody should be trusting Google or Apple to be protecting them. Certainly not for a $1M+ USD deposit.

That the app stores are illegal monopolies shouldn’t opine on someone suffering the consequences for their own poor decisions.

I think you’re forgetting that the pillar of our economy is trust, and communication, removing the trust and everything collapses, it was engineered like this, our whole economy is engineered on impulses, testimonials, advertising, and shallowness. Remove that, and these corporations save $5m and lose billions.

I agree with you, I wouldn’t give someone 10 euros if not vetting, but if Google puts “Verified by Play Protect”, restrict me to do anything, talk about their stores as a safe and vetted place, then it must be kept accountable.

There’s two separate issues here:

1. Dealing with Google’s failure to remove in a timely manner

2. Dealing with the fraud

Comingling them creates a slippery slope (“I drove my car into a lake because Maps told me to…”) that erodes normal expectations of personal responsibility.

What should she have done to vet?

Go to the website of the party she’s transferring the money to and verify the app from their end?

That doesn’t seem much to expect for a multi-million dollar personal risk.

This position would be reasonable if the app stores took 5% but they are a duopoly which take 30%. Visa/Mastercard are in a similar duopoly position clipping the ticket but at least insure their customers.

Yes – when your argument for insanely high margins (look at net profit and compare to market average) is that you are locking down the store for the benefit of the user and not to abuse your monopolistic position.

Either they are abusing market position to prevent competition on the store (eg. linking to custom payment providers) or they are doing it to guarantee customer experience (Apple fanboys are really big on this line) – in which case they are liable and it’s priced in.

The main justification offered for walled gardens is that they provide consumer protections. Once that claim is made, “everyone should know that isn’t actually the case” is not much of an argument, and “we did the best we could” would be blatantly false here.

Not a lawyer nor picking sides but I can see an argument where expectation that scams are removed very quickly would greatly reduce the risk profile.

It’s like shopping at a grocery store thinking that recalled foods are de-shelved within hours of a notice but they actually kept selling them for weeks. Much different risk profile.

> If they’d done it within 5 minutes it wouldn’t have stopped her from losing her money.

There’s no reason to believe, and much reason to believe that it’s not the case, that this woman was the very first to complain about this app. Perhaps Google had already received thousands of complaints about the app before she ever downloaded it. That info will presumably come out as the lawsuit proceeds.

You have to be very dumb to fall for scams like this but I’ve always said these walled gardens make people less safe. People get a false sense of security and outsource their brain.

It still boggles my mind that you can build a fortune of several million, but then be naive enough to download a random crypto app off the app store, and expect it to be all sunshine and rainbows. Even several massive legalish crypto empires fell over due to fraud. Using a random one off the app store is a recipe for disaster.

People who got wealthy in real estate are typically quite naive, the money came too easily for the past 15+ years and they aren’t aware of how hard most businesses are.

Turns out if you never actually earned the money you tend to think you are untouchable.

I’ve worked with CEOs who were born into money, and those who have earned it, you can tell the difference immediately.

I had some bitcoin from a long time ago that I never touched and decided to do something with it and I had to take a look at the “current state of crypto” from a practical standpoint. I was (not very) surprised at how many scams and pitfalls there are doing even the most basic stuff, how much trying to learn and search information points you to the scams, and how difficult and shaky it all is, even when you do the right thing. And this is BTC, it’s probably 100 times worse in other coins. In the end I sold everything and I don’t want to touch that world ever again.

> It still boggles my mind that you can build a fortune of several million, but then be naive enough to download a random crypto app off the app store

You should never be surprised what Florida Man/Woman will do.

As a former resident, there’s an uncharacteristically high number of seemingly well-adjusted but actually batshit-crazy folks there.

Look up Florida school board meetings on YouTube.

I honestly wouldn’t know what to look for either way. Do you have any examples?

I’m not all that enthused about watching a bunch of school board meetings that are probably 97% boring in the hope that I’ll find the exciting 3%.

It was honestly less Republicans (capital-R) and more just disgustingly entitled people drastically overestimating their own importance relative to the communities they live in.

One consequence of Trump pulling a lot of newcomers into politics was their naivety at how political processes actually work.

As in, if you don’t get everything you want, you aren’t immediately justified to escalate and go nuclear.

It’s quite possible that the victims were convinced to try the app by the attacker outside of the Play Store and the app existing on the store was just an attempt to give it additional credibility when they were directed to download it.

It’s really bad but in my mind there’s a dollar amount where I stop feeling bad for the victim for losing. Like if someone’s grandpa gets taken for his life savings for $1 million by bank scammers that’s horrible but like someone losing $5 million that they were trying to invest in crypto just makes me think they didn’t deserve that money in the first place.

The article states it comes from real-estate. That implies some amount of buying and selling. Unless they just happened to have a single 5M mansion sitting around.

Speaking as a millennial, you don’t just “get into real estate”, usually it’s seeded by a large amount of generational wealth/inheritance.

Someone struggling to put a deposit together for their own home isn’t going to make bank out of flipping houses and contributing to the shit housing sector. It really is true that all it takes to make money is money, it’s almost effortless.

I mean, from like 30 years ago until now, anyone that ‘got into real estate’ at any point during that period would have been wildly successful.

Though I guess that kind of undermines my initial idea that you needed to have a brain for it.

That doesn’t boggle my mind

Yobit is a long-standing exchange, not one I would use

Yobit Pro was a scam app pretending to be related to that exchange

Crypto returns can be quite fast. If you have $4 million and it’s not really absurd to take that an order of magnitude higher, and be used to the volatility of it going lower.

There are plenty of “random crypto apps” that work fine for any amount of money

Don’t let your own paranoia get in the way

“Not your keys, not your coin” remains true for “Yobit Pro”, FTX and established players like Coinbase

Plenty of random crypto apps are self custody apps that work fine

The people running Yobit Pro are probably using similar levels of OPSEC, and just have a lot more crypto now. This PvP aspect of crypto keeps it going.

Okay, but this woman didn’t own crypto, she owned an app that says she owned crypto in an exchange/brokerage

That has nothing to do with crypto and everything to do with this fake exchange scam, and even with a real exchange it has to do with consumer education on using non custodial apps

It’s downright weird that you have this other mental category for things that say crypto where your mental processing power throttled to the conclusion is “it’s crypto so let me blame the victim instead and ignore who chose to create a victim while they sent her death threats on WhatsApp”

It’s more that the closer you get to crypto, the closer you get to something being a scam. If you are close enough to it that you think to invest 5M in it, I expect you to be aware of that. People do more due diligence when buying a washing machine.

Obviously it sucks for the lady, but to some extent it certainly deserves a financial Darwin award.

Possibly an unpopular view but I can’t but think the FTC should be able to issue directions to Google and others which have almost instant effect. “this is a scam, shut it down” should not require them to “get back to you about that” if it comes from the Trade Commission.

I am pretty much all-in on more government regulation of Google. Not less. There should be a non-negotiable access path to ask why things happen and an appeals process to their lockouts for end users too. Mandatory human-in-the-loop review.

I’m not sure it’s a good idea.

While such power can be theoretically socially beneficial when granted to truly benevolent agencies under non-corrupt democratic regimes, allow me to introduce you to the Russian Internet watchdog Roskomnadzor as an example how wrong things could get if the agency is not so benevolent.

And the issue with regimes is that they can get corrupt. Even the good ones.

So on that basis you want to close down the FCC, the FDA, FAA…

I get where you’re coming from, but federal agencies in other domains have an ability to tell companies what to do. They can obligate them to do things.

You’re opposed to this on principle? Or just the internet?

No, I don’t want to close FCC, FDA or FAA.

It’s only about the media, because such a shortcut in the ability to tell companies what to do could be abused in a way harmful to free speech – and I think free speech is more important than enforcing quick scam app takedowns.

However, I thought about this, and what FCC could probably do is enforce content labeling for questionable apps (I think it’s in spirit of how their safe harbor rule works) and immediately require marketplaces to mark application as potentially harmful ASAP. That would limit impact to the consumers, but won’t let this be directly abused too much, e.g., against activist apps.

This is the company profiting from the obvious fraud, de-funding departments designed to block such frauds, and with a history of using their size to blunder past any legislative sanctions. I’m shocked, _shocked_ I tell you that the fraud benefiting them personally was allowed to go on for so long.

In less sarcastic news, I’m legitimately surprised it was dropped in only 3 months. That’s a better than average outcome.

How is Google profiting from this fraud? I doubt the scammers had any in-app purchases. Maybe ads, but I doubt it too since that would make it look unprofessional and invite more reviews from Google.

Also, I don’t think it should fall onto Google to protect users from scams. They already provide tools against it, such as reviews on the app’s page. It would be like saying the gov is responsible for my losses in a ponzi scheme because the company was registered officially.

Unless Google assertively promises users they are protected against scams on the Play Store, they aren’t responsible in any way (other than that they try to make it safe because this increases revenue down the line, of course). Falling for a scam is personal responsibility.

While I obviously have no proof that this is what happened in this case, I’ve seen countless Google ads leading straight to fraud sites and scams like this.

Google also claims the 30% they skim off every legitimate transaction (which is insane) is necessary because they make sure the app store only has legit apps. They should be held to that claim.

In this case they aren’t taking 30% since it’s crypto (ie you are buying a “””tangible””” external product), although you could argue that since the developer account needs to be bought, Google could be held liable this way?

And I don’t think I’ve seen them claim such a thing. It would be strange of them to do so, as it opens them to lawsuits such as this.

I don’t know anything about this app, and this is the first time I’m hearing about it. Does this app somehow generate revenue? Is that the reason it took them so long to act? Or is it that so few people downloaded it, resulting in fewer complaints compared to the number of downloads? I know Google has been getting worse over time. I’m just trying to understand why it took them so long to act when they actively penalize smaller developers!

It’s a crypto pig butchering scam. The app is a fake crypto trading app that shows the user a fake balance of their portfolio. The victim is sending crypto to the scammer’s wallet independently of the app. They are shown fake profits and when they try to withdraw they are told they need to pay fees, taxes or more deposits to activate the withdrawal. Often this is when victims hand over most money as they are trapped in loss aversion mode, throwing money at the scammer in the hope of getting back what they’ve sent before. There are thousands, if not tens of thousands of these apps but mostly websites active at any time.

I’ve reported an explicit Temu ad a million times and it still keeps appearing. I don’t understand why they even have the report feature if they’re not going to do anything about it. Feel so helpless.

They are far, far from US jurisdiction and the scale of these scams is massive. Right now there are thousands, if not tens of thousands of scam websites and apps run by these groups. Google “asian pig butchering centers” for some insight.

When it comes to IP law punishments pretty much whole world is within US jurisdiction. So why can’t US legal system protect its citizens and needs Google to be the private police for them?

Poor woman succumbed to pig butchering scam. Not sure if this is the same woman or not, but I recall another pig butchering scam where the victim also sent family funds to scammer.

Honestly, this person must really be well off to be able to send $5M at any time and then be able to keep a lawyer on retainer to litigate against big G

Google really doesn’t want people to know what goes on in pay to win games.

While they aren’t outright fraud, they are right there. And those apps probably make billions a year.

I know someone who makes $10m a year pumping out absolute garbage games on Android with all sorts of dark patterns, and has the thick skin to give talks at GDC.

But if you took out all the scammy apps out of Google or Meta ecosystems, they will be worth far less

$10M from garbage mobile “games”, and no liabilities? Is it some lucky exception, or that’s a norm in the industry?

Maybe I should shove up my ideals and principles where the sun doesn’t shine, and ramp up an LLM game generator factory trained on a wiki of dark patterns… I will have pangs of conscience, but if it works I’ll also have my own place to live and some basic financial security that may suffice if^W when my health degrades. And surely a good therapist would be able to fix the conscience later.

(Or does the lion’s share of that money go to the lawyers, haha?)

This issue is something of a Google thing…

But let’s not pretend Apple doesn’t see pay-to-win games and IAPs as a massive massive cash cow, too. That’s not a Google exclusive.

Yes it is. But “Google does this!” can have implicit “This is a Google issue”, not “This is an issue.”

(And I say that as someone who has had only iPhones since the Lumia 920.)

“Google and Apple both do the same things and it’s unpalatable.”

“Also” is not a deflection of “What about”.

But if we want to go that way, Google doesn’t play selective moral arbiter. “Porn on iOS? Never.” “Gambling and PTW on iOS? Hmm. 30% cut. Okay.”

That’s amazing, it took them 3 months to kill a scam app, but they proactively shut down smaller apps that break no rules constantly. I swear someone in Google’s exec team is going out of their way to make Google products suck. They’ve all been getting worse for the past several years. Search gives bad results, search qualifiers only work in “verbatim” mode, GMail sucks at spam filtering now, Android is becoming a PITA, Chrome is shoving in new bad features while killing old good features, etc. There was even a big thing about Google Voice having some massive change where lots of features were going away, so I pulled GV out of my life expecting it to go away, and literally nothing changed.

It’s almost like Google is suicidal and these are calls for help.

> That’s amazing, it took them 3 months to kill a scam app, but they proactively shut down smaller apps that break no rules constantly.

There is a specific reason for this.

The scammers are repeat players. They have a thousand accounts, three quarters of them get shut down, they look at the other 250 to see what’s different, make 1000 more accounts that look more like the ones that didn’t get shut down, now only half of them get shut down and they get even more data on how to avoid getting banned.

Meanwhile the ordinary user has only one account, maybe two or three for small businesses and things. If one account gets shut down their life is disrupted and they have no idea why it happened or what to do about it or how to avoid it happening again.

Google have to shut down 1000 accounts for this one scammer and if they get 999 of them right and 1 of them wrong, the scammer still has an account and the honest user doesn’t.

The real problem here is that we’re expecting Google to do this instead of law enforcement. Is there a scammer? Arrest them. They can’t make 1000 more accounts from prison and then Google don’t have to play whack a mole while clobbering tons of innocent people.

Might be true but at the same time if it takes you three months to process/verify a complaint from the Consumer Financial Protection Bureau you probably are doing a crap job.

Which in turn makes it that much easier for scammers.

> The real problem here is that we’re expecting Google to do this instead of law enforcement. Is there a scammer? Arrest them.

What a joke, how can you believe that international justice will be fast enough to handle the issue of scammers spamming apps…

In the end those apps are probably against the store TOS and if Google can’t manage to correctly enforce their own TOS you can argue it’s partially on them.

> The real problem here is that we’re expecting Google to do this instead of law enforcement. Is there a scammer? Arrest them.

That would be ideal, but getting 195 countries on the same page on cybercrime just isn’t going to happen. As it is we have multiple countries where the government actively sponsors internet scammers.

It would be a lot simpler if cyberspace was declared a sovereign territory and Google became the official government of it, answerable to no other government on questions of digital affairs. That way they’d have the power to put all the spammers and ransomware gangs in their goolag for a very long time. Think this is a bad idea? Great for you. Keep letting people like Donald Trump be your digital government. Heck, make Google the government of meatspace too. If every neighborhood in America was run as well as a Google office, we’d all be living in paradise. Even in Google’s currently evil debased declined state, it’s still infinitely more competent and better than your corrupt compromised legacy government institutions.

> Even in Google’s currently evil debased declined state, it’s still infinitely more competent and better than your corrupt compromised legacy government institutions.

Corporations are only efficient when they have corporate responsibilities. Corporations do only efficiency and can select customers. Government must guarantee equality and rights for everyone. Even criminals are citizens with rights.

Let me demonstrate. This is how Google would do it:

(1) Algorithm captures 90% of all criminals (it’s a good algorithm)

(2) 5% (1/20) chance that a flagged account is a criminal (95% false positives)

(3) 0.01% (1/10000) of all accounts are flagged.

There are around 246 million unique Google users in the US. Closing just 24,600 accounts removes 90% of criminals. 90% chance of capture is a good deterrent.

Google also removes 23,370 innocent accounts.

GOOGLE DOES THIS ALREADY. It’s efficient and well-run (actual numbers may vary) but also brutal and unjust. Legacy government institutions do their job better than Google would.

At this point, Google should accept new sign-ups for critical products ONLY from countries that have a functioning law enforcement system when it comes to this – and check based on ID card/passport.

> The real problem here is that we’re expecting Google to do this instead of law enforcement. Is there a scammer? Arrest them. They can’t make 1000 more accounts from prison and then Google don’t have to play whack a mole while clobbering tons of innocent people.

How can a scammer make 1000 accounts? Don’t they need to give Google Store some gov ID, credit card number? If these are too easy for scammers to get then ask for more documents that a legit company or developer would have. And you can make this more strict stuff optional, if you do not provide these documents your activity and reports are treated 100x more seriously.

My suspicion is that companies are using AI crap to handle user reports, some devs very excited to work on this cool new tech where they can replace even more people in support and QA with scripts.

> How can a scammer make 1000 accounts? Don’t they need to give Google Store some gov ID, credit card number?

Stolen credit cards and other stuff.

People also complain that creating an account is arduous (especially in developing markets) if you have to do too much to create an account.

> My suspicion is that companies are using AI crap to handle user reports, some devs very excited to work on this cool new tech where they can replace even more people in support and QA with scripts.

The complaint is from early 2023. I suspect that whatever anti-abuse systems exist on Google Play hadn’t deeply integrated LLMs at this point, as this is just like a few months after the initial launch of ChatGPT.

> The complaint is from early 2023. I suspect that whatever anti-abuse systems exist on Google Play hadn’t deeply integrated LLMs at this point, as this is just like a few months after the initial launch of ChatGPT.

Google had an AI before ChatGPT, remember that there was some Google developer that made a lot of noise that Google created artificial life and enslaved it or something like that? And I said AI not LLM

As a user, I’ve had to jump through a lot of hoops like captcha, credit card number, phone number check, dns domain check etc. I’ve been told these are to prevent scammers making 1000 accounts. Now they tell me “well we can’t prevent scammers, because they make 1000 accounts”.

I am beginning to think someone is not 100% truthful to me.

Yeah, some companies are happy to let the bots thrive, I use reddit a lot and I would prefer to have 2 tiers of accounts, validated as real humans and not validated, then I would prefer if developers could do their job and put limits on non validated accounts with bot like activity.
But they are happy with bots, I see people getting banned and getting back with a new account with same name just a small change there.

We had the case with Elon Musk complaining about bots and after he took over I read that he is fine with bots now, especially the ones that pay for the blue check mark.

I also wish police would do more in the cases of impersonation, where scammers impersonate people or institution, if these people are from a different country and that country does not collaborate then sanction them.

They killed my Play Store account even after I had fulfilled the eligibility of not getting the account killed in time and never refunded the $25 (had no apps yet). I know this was nothing compared to losses others might have faced but they literally took/stole that $25 from me. They never responded to anything after the last email where they said “it is final.. something policy…” and all that. Nothing, no response at all. They had asked me to add a bank account while I was appealing this so they could refund and I could not add a bank account, there was no way, there was no documentation. They did not reply for 17-18 days and that was also denied and they just closed it saying “since I had not added an account in time… final.. no further response..” etc.

> It’s almost like Google is suicidal and these are calls for help.

No no. They are fine.

Companies like Google, Apple, Microsoft, Amazon etc could do all this because they know the game is rigged in their favour in this world where everything is “legal” and not “justice” and with their resources they can legally take on many countries put together, let alone individuals. That’s why they do what they do and they don’t do what they don’t do.

If it was via a credit card, consider doing a charge back. Sounds like you have plenty of evidence that they didn’t provide the service they claimed they should have. Even for a small amount it hurts them much more with the CC processor.

Don’t forget mobile unless you are firmly in Apple camp with iPhone and iPad devices. You can switch to Apple ecosystem but then the overall cost in the end may be more than the chargeback amount.

It is a pain to install apps and use an Android phone with play services installed but not logged in.

I have a lot to be thankful for personally because of Google. In my bubble, Gmail gave me a solid free email client since the days my parents had AOL dialup. YouTube has been a literal magical experience for its video delivery service all these years, nothing came close to its reliability. Vimeo? (Please). Let’s then talk about the first Android phone the G1 and the other early flagships like Nexus. They set the bar in so many ways (yes, Apple did too). The landscape has changed though, and Google has changed. I’ve always bought the latest phone direct from Google. I’m waiting on the P9 though. They have to show they got what it takes still, like very much improving their spam detection in Gmail. They have the capability, I believe. Google needs more than good leadership - they need to try to set the standard.

I don’t hate them, but like you I’m getting frustrated. I had to remove a link to my personal website from my personal gmail account because gmail would mark it as spam in everyone else’s inboxes, including gmail boxes where gmail knows this email came from within gmail! I tried paying for GSuite but even then they still spammed my emails. Remove that single link, everything goes through. Absurd.

This is true of my experience with Google as well. I know it’s fashionable to hate Google but Google’s search was better than what was there before (altavista, webcrawler or those godforsaken screen cluttered portals). Gmail was/is vastly better than the alternatives. And even though I’ve always used Firefox it was Chrome that broke Microsoft’s monopoly on web browsers. I suspect that a lot of their policies end up being that way to cope with any % of the whole world’s population trying to cheat/scam/beat any system or rule.

urgh – from google’s pov the scam app was making 30-40M in rev and they get a nice 15-30% cut

they kill off smaller apps because they make little money for them

scam apps need to be proven they’re a scam for them to be removed.

It’s exactly like that, even the top grossing “legal” apps are casino games anyways.

There’s a reason Google is paying radio ads in the EU to convince everybody that they are helping small businesses, anybody who ran the figures on the mobile store knows that it wouldn’t survive scrutiny.

> I swear someone in Google’s exec team is going out of their way to make Google products suck.

This may be closer to the truth than many people think. In an analysis from 3 months ago (1,2) it was alleged that Google search sucks so badly not just because of AI and whatnot, but because control of the search division was finally handed to the revenue people in 2019, who promptly rolled back important spam filtering in an effort to drive up searches. Deliberate use of dark patterns to increase “user engagement” is nothing new, of course, but I was still surprised that Google would sink this low. Don’t be evil, bwa-ha-ha-ha.

(1) https://www.wheresyoured.at/the-men-who-killed-google/
(2) HN discussion: https://news.ycombinator.com/item?id=40133976

What’s really exciting is that this suit is the type of thing that will only make the situation worse for smaller apps. More and more rules have been working so well for the Play Store I bet doubling them will really help.

I think with the amount of data that google has on its hand, they should be easily able to pinpoint the location of the scammer and let the law handle the rest.
I suppose they must have a law team with them for all these types of issues.

Oh thank you for saying this about the spam I thought it was just me!

I’ve noticed a huge uptick in spam emails getting through to my mailbox over the last year

There’s a big uptick in one particular type of spam email for me. These ones have a huge amount of nonsense “words” at the end of it, which appear to be random strings of letters of random length. Their purpose seems to be to trick the spam filters that have no idea how to classify “witwicshmniss” as spam or not spam.

To be clear, I assume that modern, sophisticated spam operations are “leading the league” in LLM usage. It must be much harder to stop spam when each email can be individualized by an LLM. And let’s be real: LLMs are already very, very good at producing text that sounds believable. I, myself, have been fooled many times already by recent spam, that is so much more believable than two years ago.

If GMail is getting worse, I can imagine that other, smaller mail services are getting much worse. The best explanation that I have read about why Google (and other major providers) are so good at spam filtering: They can observe a huge portion of the world’s email, so they have the best training sets.

It is interesting that we never hear from GMail folks on HN. You see all kinds of Googlers pop-up into discussions with interesting insights about how the sausage is made. However, I cannot recall anyone from GMail appearing on HN to share some interesting behind-the-scenes stories.

Wow, that is scary. Can I assume these are phishing emails? My point: They get you to “confirm” the fake order and harvest some personal information. I worry most about my parents. There is no way, at their advanced age, that they can distinguish between real and phishing emails. The Internet has gone to crap, again. Sigh.

I haven’t invested a lot of time in them. They -always- have a PDF attached. It appears to be an invoice but never has my personal details, other than email address.

The subject is always either ‘Order Confirmation’ or ‘Payment Confirmation.’

They always have a number at the bottom of email or the PDF to call for support/order cancellation. My best guess is that they want people to call in rightly claiming they didn’t make an order, then the phishing begins?

I’ve pasted one below, sans PDF. This one is a phone, but it seems to often be an antivirus subscription.

Notice it always comes from a personal name that doesn’t even match the email address, not some fake company. That’s why I don’t understand why Gmail isn’t blocking these!

From: Mark Kiehn <[email protected]>
Subject: Payment Confirmation

Need Help? (815) X (570) X (9159)
Congrats on getting your new device! We trust you’re enjoying your purchase and exploring all its amazing features.

Invoice ID: INV//#<8 digit number>

Product: OnePlus 10T Ref: #<8 digit number>
Purchase Date: AUGUST 15, 2024 Total Amount: $397.24
Return Policy
If you’re not satisfied with your device, you can get a full refund within 48 hours of purchase. For assistance or to start a return, contact our support team.

Need Help? (815) X (570) X (9159)

Yeah, it’s not as good as google used to be, but at least it won’t ignore your quotes and -exclusions. Click Tools and then All Results and click Verbatim.

Why does nobody think that it may be plain corruption? It’s a single app that makes $2m. Imagine how many apps like that there are. Imagine if each gave 20% to certain key managers at Google.

We know it happens at governments. Why don’t we think it can happen at corporations?

This computing model generates profit for Google but doesn’t result in a pleasant computing experience.

Everyone short of those capable of practically building portable devices from scratch is stuck with it.

> but they proactively shutdown smaller apps that break no rules constantly.

They just pulled up another lie on my app that I record some forbidden device id and I just hesitate to shut everything down this time. Building a mobile app isn’t worth the effort. The play store and the appstore are better suited to casino games and scams than real apps.

Agree. I’m no fan of Google but when you are in the business of enforcing what amount to fuzzy (some would say arbitrary) rules you’re going to let some crap slip by, and reject some innocent apps. It’s these two tails though that will get the headlines.

To be sure, they should be called out for abuses on both sides of the equation, but it’s understandable that it’s going to happen.

The criticism seems to not be that they make mistakes, but rather that when they do, they don’t care about or deal with the fallout.

Everybody is fallible, and that’s okay, but only if you own up to it and fix it and make the victims of it whole. If you don’t do that, you’re fallible and an asshole.

If you believe what Wiki says, he has been involved in many of the Google products that have shaped our digital lives in the last 20 years:

> Pichai joined Google in 2004, where he led the product management and innovation efforts for a suite of Google's client software products, including Google Chrome and ChromeOS, as well as being largely responsible for Google Drive. In addition, he went on to oversee the development of other applications such as Gmail and Google Maps.

That is quite a list. I have not accomplished even 1% as much!

This is an interesting point. Do you know if Satya Nadella’s career at Microsoft was similar? (Personal note: I feel like he really turned it around. Microsoft is so much less combative than it used to be. Yeah, HN, I know: Not perfect, but much better than the original gang.)

This is an example of blatant, obvious scam, but there are also many many others that are technically fine, but effectively end up with the “customer” feeling scammed anyway.

Example: There are many apps that will only let you use the functionality if you agree to a 7 day free trial, which automatically starts billing you some exorbitant weekly fee as soon as that trial ends. Google will typically not refund this when a scammed user complains, since they technically agreed to the terms.

But IMO this is absolute bullshit. $50/week for a stupid flashlight app is not reasonable anywhere. It shows that the only intent of the app is to trick people. No real user would consider paying that much for what the app offers.

But Google benefits from this, so they do absolutely nothing about it, and the play store is full of such crap. The Google/Apple tax on every purchase you make on their platforms is pure profit, none of it is used to make the store better for the customers or genuine sellers.

I will avoid spending a single ₹ on these platforms as a result, and will try to avoid ever writing code for their platforms. Either my app succeeds on the open web, or it doesn’t succeed at all. I’m willing to give up on the entire mobile market due to this, I’ll not be part of a system that exists majorly to trick people into parting with their money and data.

Not victim blaming but wow. Some people are really naive yet they can still have so much money while very high IQ people struggle to make money due to their lack of social skills.

The big takeaway here is to dress well, scam people with smooth talk and abuse every loophole that exists with abstract business standing between you and the problem.

This is just another day for some people.

There are a lot of scams – maybe even a majority – that depend on the mark being smart enough and confident enough in their reasoning to talk themselves into the scam.

When you think of a scam victim you should think not of an idiot but a reasonably smart person who is distracted, gets greedy, or thinks that they’re immune to scams.

You don’t need to actively scam idiots, you just offer them bad deals. Do it well enough and you get a bonus for improving shareholder value.

In my country, there’s a quite famous case of a high-IQ (autistic, I believe) millionaire CEO who married a pathological liar that told him all kinds of conspiracy theories about the government, Russian hackers, his ex, and tricked him into losing a huge part of his fortune. He had to be kicked out of his own companies because he refused to back down from the batshit insane claims whispered into his ear.

High IQ does not make you immune to scams. I believe that thinking you’re immune to scams because you have a high IQ only makes you more likely to fall for one some day.

In this case, the app looks to be a classic pig butchering scheme, acting as if it were a real cryptocurrency marketplace, letting people trade and exchange cryptocurrencies in a virtual environment. They may have even transferred small amounts of money out of the “accounts” to make the whole scam more believable. Once you transfer back and forth a couple thousand dollars, you’d probably think the app is legit, after all, and invest those millions into the lucrative money making app. Only when people try to get all of their profits out, or when the app goes down, do people find out that they’ve been scammed, but the money is long gone by then.

I don’t think we should blame the victim. Tech is insanely complex and some scams are so sophisticated now that if you’re not switched on all the time you might get caught. The vector here seems to be an app posing as something trustworthy. Or what she claims as an app riding the reputation of Google. But to me it’s the same issue underlying phishing: impersonation.

Is impersonation fundamentally unpatchable? How does one ever really ‘know for certain’ that an app, website, etc, is legit? Could this be fixed, once-and-for-all, with something like a hardware device issued to all citizens with early education around scams? Or would scammers still find ways around it with things like misspellings, subtle details in presentation, or what-ever have you.

I am banned from the Play Store for impersonation, even though my app was clearly marked as not being the real one, so they can apparently do it, but only for apps that don’t bring in revenue, I suppose.

Pretty sure they took her for 5 mil. She deposited 4.6 on her own accord and the app fabricated growth and then asked for another 500k, which she again handed over.

That’s not my read from the article:

> she invested in about $4.6 million worth of cryptocurrency through the app Yobit Pro, according to a recent lawsuit. When the app reflected a balance of about $7 million, Vaca attempted to withdraw the funds, but was told she’d need to deposit an additional $500,000 for “taxes.”

If you have additional info do share

You’re right, thank you, I seem to be mistaken. I guess I’ve been watching too many scam videos on YouTube and went into the article with the preconception that this was a typical pig butchering scam.

I’m still having a hard time believing someone would dump $5m into a dodgy app but that does appear to be what we know so far.

Looks like a typo. Although the initial 4.6 million barely sorta existed in the same sense that all these crypto fortunes did, I assumed they were referring to the +2 million growth as being a further fabrication on top of it.

Further down the article, the lawsuit is cited:
“As a result of Google’s material misrepresentations and other deceptive conduct, Ms. Vaca has been significantly damaged, including, but not limited to, financial losses of more than $5 Million, severe emotional and psychological distress, and the loss of the real estate business she spent most of her adult life trying to build,” her lawsuit states.

So according to the article she did invest the 4.6m.

She apparently sent $4.6m, over a period of months, thinking she was buying that much Bitcoin, but instead received nothing, not even Bitcoin. Whether you think Bitcoin is real or not, if she’d actually bought Bitcoin she wouldn’t be out $4.6m, just up or down depending on what the market did in the interim, which isn’t “went to zero.”

There’s not a good way to know. Crypto is scammers scamming scammers, and often deluded ones at that. So they could be lying or confused about what was the original investment made of.

No settlement should be granted here, on principle. The law should not protect those that use an asset designed to subvert the government.

I agree in principle, but the people that should be sued are the scammers, not Google.

With real money one could go after the money mule (or dumb scammer) through their bank account. Maybe Google could be liable if the victim paid through Google Pay, but I somewhat doubt that Google Pay will let you transfer half a million. In this case, the victim’s choice of virtual currency makes it very difficult to find the criminals. I don’t see why Google would need to pay up for that.

I suppose it’s always worth a try to sue Google, because there’s nobody else to sue.
