Sophos Cloud Optix
One day last August, Susan Harvey tried to download a previously purchased app onto a second mobile phone, only to have Google’s dashboard tell her that – yikes! – there were 109 transactions on her account.
Clicking on another tab on Google’s site led her to find that, even worse, there were about 650 transactions listed, most of which she says she didn’t recognise.
Her bank records told the tale: between April 2013 and May 2014, her account had been drained of thousands of dollars.
According to The Register, the California woman last week filed a lawsuit against Google in the Eastern California District Court, alleging that the search company’s inadequate security enabled crooks to run up thousands of dollars in charges on her Google Play account that were then debited electronically without her sign-off.
Harvey also accuses Google of first refusing to reimburse her, then backing down and agreeing to refund the money, but ultimately failing to pay up as promised.
At first, Google claimed that the transactions in question did, in fact, belong to Harvey.
Both her bank – Bank of America – and Google requested police reports, which Harvey’s lawsuit says she submitted. Still, neither the bank nor Google reimbursed her.
Harvey took matters into her own hands, getting in touch with the vendors listed in the transactions.
Nearly all of them told her that they didn’t recognise the transaction numbers as being part of their own billing. The vendors said that the transactions were, in fact, Google transactions, and that Google itself was receiving the money.
When she relayed her findings to Google, the company acknowledged that Harvey hadn’t made the transactions, but it still refused to reimburse her.
After more complaining, Harvey says Google’s legal department contacted her and told her the refund was in the works.
But as of the time of the filing, not only hadn’t she seen her money, but some of the transactions identified as fraudulent had disappeared from her account.
From the filing:
After plaintiff repeatedly complained and advised Google of her findings, Google's legal department contacted plaintiff and advised her that all transactions would be reimbursed.
To date, all transactions unauthorized by plaintiff have not been reimbursed and notably, some transactions previously identified as fraudulent have been erased from plaintiff's account.
Harvey is claiming that there must have been a flaw in Google Play that allowed thieves to post bogus transactions to her account, that Google acted negligently by allowing her personal information to be breached and her identity to be stolen, and that Google broke breach notification law by not telling her about the problem.
She’s also claiming that Google allowed electronic fund transfers – some recurring – to go through without her authorization.
She’s requesting a jury trial and monetary damages.
Google declined to comment when contacted by The Register.
Regardless of the lawsuit’s outcome, it’s a good reminder of why we should all be keeping a close eye on our bank account statements.
Spotting the first unrecognizable transaction can help stop hemorrhaging of funds to swindlers before you lose thousands, whether the criminals are coming in from Google Play or anywhere else.
Google Play image from Google [CC BY-SA 3.0], via Wikimedia Commons
Use a prepaid master or visa debt card. Put what you want to spend on the card and make your purchase as soon as it shows up . Usually takes about 15 minutes and cost only $3 to load the card and $3 per month – that’s $2 less per month than what my bank charges. They can’t steal what is not there. Unlike bank and credit cards if the money’s not available, the purchase will be declined.
Not a bad idea and one that I use for my kids phone Scarecrow. I use the American Express Server card as it allows me to have sub accounts under mine and I can load my card and then transfer the money over to their card for them to use. If I don’t make 500 a month in purchases from it, it will charge me 1 dollar a month.
Sounds to me like she downloaded a malicious application that allowed attackers to siphon money out of her account. She may have been using a rooted device as well allowing insecure and un-vetted applications to run. It would be wise for her to change every password that she used on that device, and then get another device to prevent this from happening. Also, how does one go a year without knowing they are missing out on thousands of dollars from their back account. Something sure does sound fishy with this story.
I doubt she did that I have had these same issues with Google myself even tho I love them it’s bull for this to keep happening And at times when your in-between pay checks and know for a fact your not spending money you don’t have! Not only that all these unauthorized charges also cause overdraft fee’s you do not get back!!! I m not buying anything from them again!
A year without noticing? I’d say this title is overblown then; “. . . drain her bank account . . .”, yeah… if that was true – she’d have noticed.
“Suck down on,” then? Although I didn’t write this article, I did suggest the headline, and I still think it is satisfactory.
I accept that “drain” can mean to empty entirely (my dictionary uses a swimming pool as an example :-), but it can equally well mean “cause to be lost” (my dictionary uses the effect of hospital bills on your income).
There were 100s of transactions amounting to 1000s of dollars, according to the lawyerly document to which we link in the article, and it doesn’t seem as though that was an amount she could readily absorb, because the complaint describes that she was “shocked” when she saw the transaction list.
According to her lawyers: “As a direct and proximate result of Google’s unlawful, unfair and fraudulent business practices as alleged herein, Plaintiff and has suffered injury in fact and lost money and property, including but not limited to unreimbursed losses stemming from identity theft as well as unreimbursed expenses and/or time spent on credit-monitoring and identity theft insurance; time spent scrutinizing bank statements, credit-card statements, and credit reports; missed wages; late payments on bills;; expenses and/or time spent initiating fraud alerts; and the diminished value of the services she received. Plaintiff has e suffered and will continue to suffer other forms of injury and/or harm including, but not limited to, anxiety, emotional distress, loss of privacy, and other economic and non-economic losses.”
Elsewhere, she is said to have “suffered irreparable harm and monetary damages as a result of Google’s unlawful and wrongful conduct.”
I feel drained just reading about it. So I’ll stick with the word “drain,” if that’s OK.
“Plaintiff has e suffered …”
e-suffering? That’s one way to describe this type of self-victimisation… got a nice GTA-sense-of-humour to it… 🙂
COME ON GOOGLE you know you did wrong stop the tactics. YOU ARE A MULTY BILLION $ COMPANEY you rather prefer to spend big bucks acting stupidity . ITS TIME TO REIMBURIS & PAY UP. ( LIKE YOU SAID YOU WOULD )
While possibly (yet to be determined) Google may have screwed up, if she downloaded a malicious app that mimicked her sign ins and so forth, just how she thinks Google would know her from not her is a bit of a question. Something uses your passwords, it’s going to be considered you doing it. Not checking her banking? Nice she can afford to never do that, but as every single banking institution in the world sends you some kind of statement, monthly in the US, she’s an idiot for not checking and maybe really, she should accept that Google is not responsible for her being an idiot. Time to stop asking everyone else to safeguard us, and get some common sense. Why should anyone else take the blame for her failure to guard herself when the tools to do so are readily available? I had a couple hundred stolen by someone who stole my card number during transactions on a website. I spotted it within a week, because I pay attention to my money. Most of us who can’t afford to lose thousands in a year without even knowing it do that. I really have little sympathy for an idiot.
You know this makes me laugh! It was a unemployment card and it was concealed from me. They have stated my cards on someone elses account but have to protect the privacy of their customers, regardless if it was my card used or notl
Google deleted 4000.00 in charges the bank has. There has been three seperate emails and facebooks added to my account and they will not help me. Trust and believe its far from over and im not the only one! I mean really they flagged it 18 times without telling me! I didnt even have a google wallet! Before you judge pray to god it doest happen to you!
It has happened to us. Google will not help. Wife has been extremely sick so, neither one of us was checking the account like we normally do. $3K gone!! Small amounts of $5.99 or less. Every now and again a charge of $34.99. For MONTHS! Then they drained us in a week. Living paycheck to paycheck right now. Google needs to burn.
I going through the same thing there is not purchased listed on google but it’s money getting taken out my card from it and I just got paid and it took almost half of it and I haven’t seen sorry or refund yet.
Someone needs to put a stop to this. My losses amount to only about 125.00 which im sure ill never see. Im a senior on social security. They took out the money i had set aside for my grandsons birthday gift. STOP USING GOOGLE PLAY!!!