Google Winner Email Scam

Also Known As: possible malware infections
Distribution: Low
Damage level: Severe

"Google winner email scam" removal guide

What is "Google winner email scam"?

The "Google winner" scam is distributed using a spam email campaign that tricks people into believing that they have won £950,000.00. In fact, this particular email steals private information by leading users to websites where they are asked to enter login details, passwords, etc. These emails are often used to distribute malicious programs. Therefore, do not trust "Google winner" and other similar scams - ignore them.

Google winner spam campaign

Scammers present the "Google winner" email as a winning notification message. It states that the recipient has been selected as a winner of £950,000.00 for actively using Google services (Google search engine, Gmail, Maps, etc.). To claim the prize, users are encouraged to contact the Foreign Payment Bureau via briancarter@g-reward.com and provide them with details such as full name, contact address, country and nationality, telephone/mobile telephone, occupation, age and gender, and private email address. People are urged to keep their winning information confidential until the claim is processed and prize is remitted. As mentioned above, this is simply a scam and you should not contact these scammers via the email address or send your details. Note that Google has nothing to do with this fake online lottery. As part of the scam, people are provided with a web link to a site where they are asked to enter their login details and passwords - this is how scammers use this particular scam to steal personal details.

Threat Summary:
Name Google Winner Email Scam
Threat Type Phishing, Scam, Social Engineering, Fraud
Symptoms Unauthorized online purchases, changed online account passwords, identity theft, illegal access of one's computer.
Distribution methods Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains.
Damage Loss of sensitive private information, monetary loss, identity theft.
Removal

To eliminate possible malware infections our malware researchers recommend scanning your computer with Spyhunter.
▼ Download Spyhunter
Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Spyhunter.

There are many scammers who use a number of different spam campaigns. Some examples of other similar scams are Looked At You For Several Months, I Am A Spyware Software Developer, and Services Which Actually I Sell In Darknet. In most cases, they attempt to extort money from regular users, however, some spam campaign infect computers with high-risk viruses such as TrickBot, Emotet, AZORult, Adwind, and so on. In these cases, people receive emails that contain malicious attachments (or web links leading to such documents). Attached documents are usually Microsoft Office documents (Word, Excel, and others), PDF files, archive files such as RAR, ZIP, executable files, and so on. The purpose of these malicious attachments is to install computer infections that steal personal data (passwords, logins, banking details, etc.) and cause problems relating to privacy, browsing safety financial losses, and other problems. Furthermore, the aforementioned viruses also spread other infections such as ransomware.

We receive a great deal of feedback from concerned users about this type of scam email. Here is the most popular question we receive (in this case, relating to a scam that claims to have obtained compromising videos or photos of the user):

Q: Hi pcrisk.com team, I received an email stating that my computer was hacked and they have a video of me. Now they are asking for a ransom in Bitcoins. I think this must be true because they listed my real name and password in the email. What should I do?

A: Do not worry about this email. Neither hackers nor cyber criminals have infiltrated/hacked your computer and there is no video of you watching pornography. Simply ignore the message and do not send any Bitcoins. Your email, name, and password was probably stolen from a compromised website such as  Yahoo (these website breaches are common). If you are concerned, you can check if your accounts have been compromised by visiting haveibeenpwned website.

How do spam campaigns infect computers?

Malicious attachments presented in emails sent by scammers (cyber criminals) infect computers only when they are opened/executed. Therefore, manual intervention by a recipient is required. If the attached file is a Microsoft Office documents, once it is downloaded and opened, it asks for permission to enable macro commends. Enabling them allows the downloaded malicious attachment to install a computer infection. If the attached file is an archive file, it will first need to be extracted. This will probably contain an executable file (.exe) that, once executed, will install a malicious program. In any case, malicious files (attachments) presented in spam email campaigns cannot do any harm unless they are opened.

How to avoid installation of malware?

Ignore irrelevant emails received from unknown/untrustworthy email addresses. If an email contain an attachment (or web link), do not open it. Download software using official and trustworthy websites (or other sources). This does not include various peer-to-peer networks (torrents, eMule and so on), third party downloaders, etc. Download and install software with care. Do not skip download/installation set-up steps without checking "Custom", "Advanced", and other similar settings or options. Opt-out of any offers to install additional software and only then finish the download/installation. Update software using implemented functions or tools provided by official software developers only. Never use third party software updaters, since these are often dubious and install malicious programs. Use a Microsoft Office suite version no earlier than 2010: newer versions have "Protected View" mode, which prevents downloaded malicious documents from installing computer infections. If you have already opened malicious attachments, we recommend running a scan with Spyhunter for Windows to automatically eliminate infiltrated malware.

Text presented in the "Google winner" email message:

Subject: OFFICIAL WINNING NOTIFICATION LETTER
Dear Google User.
You have been selected as a winner for using Google services, attached to this email is Our Official Notification Letter for your perusal.
Larry Page,
CEO/CO-FOUNDER,
GOOGLE INC.

 Screenshot of the PDF document presented in "Google winner" scam:

pdf file presented in Google winner scam

Text presented in PDF document:

Google UK Ltd
Belgrave House
76 Buckingham Palace Road London SW1W 9TQ United Kingdom.
OFFICIAL WINNING NOTIFICATION LETTER
Ref No: GAAP/ 5653/657/2018 Batch: GAAP/ 563/GAPRO/UK
We wish to congratulate you over your success in the official publication of results of the E-mail electronic online sweepstake organized by Google Inc., in conjunction with VisaÆ/MasterCardÆ International and confirmed by our co- sponsors the Foundation for the Promotion of Software Products (F.P.S.P). Over the years Google earns itsí profit mainly from advertising using their very own Google search engine, Gmail, Gala, Sify e-mail services, Google Maps, Google Apps, Orkut social networking and You Tube video sharing, which are all offered to the public for free.
Due to your active use of Google services, you have been selected as one of the Ten (10) winners in the ongoing E- mail Electronic Online Sweepstakes. Hence we believe with your prize, you will continue to be active in your patronage to Google and its Products, we wish to inform you that you are entitled to £950,000.00 GBP {Nine Hundred and Fifty Thousand British Pounds}. A Bank Draft will be issued in your name by our Foreign Payment Bureau and also a Certificate of prize claim will be processed alongside your Bank Draft. All Payments will be made to you through our accredited paying bank (ELECTRONIC SWIFT TRANSFER) to your bank account in your country without you coming down to United Kingdom.
Your prize will be transferred to you upon meeting the requirements of the British Lottery Commission which includes your statutory obligations. You are advised to contact our Foreign Payment Bureau with the details below:
PAYMENT CLAIMS FORM
1) Your Full Names:
2) Your Contact Address:
3) Your Country/Nationality:
4) Your Telephone/Mobile Number(s):
5) Occupation:
6) Age/Gender:
7) Private Email Address (OPTIONAL):
8) Ever Won An Online Lottery?
Google values your right to privacy! Your information is 100% secured and will be used exclusively for the purpose of this award only.
Send all response via email to our Foreign Payment Bureau officer below:

Name: Brian Carter
Senior Vice President and Chief Legal
Email: briancarter@g-reward.com

NOTE!!! For security reasons, you are advised to keep your winning information confidential till your claims are processed and your winning prize remitted to you through our accredited paying bank. This is part of our precautionary measure to avoid double claims and unwarranted abuse of this program please be WARNED!!!!
Congratulations from the Staffs & Members of Google Anniversary Award Team.

Larry Page,
CEO/CO-FOUNDER, GOOGLE INC.
©Copyright 2018 Google Incorporation. All rights reserved.

Yet another variant of this email scam:

google winner scam email variant 2

Text presented in this variant:

Dear Google User,
Find attached Google Official Letter confirming you as a winner of the ongoing AWARD PROMOTION, congratulations from all us.
Sundar Pichai,
Chief Executive Officer,
Google Inc.

GOOGLE INC.,
Google LLC
1600 Amphitheatre Parkway Mountain View, CA 94043 USA.
RE: OFFICIAL WINNING NOT IFICATION LETTER:-
BAT CH ID: 10084-202807 REFFERENCE ID:2807/0708/1408
We wish to congratulate you ony our success as you were selected as a winner in the official publication of results oft he E-mail electronic online sweepstake organized by Google Foundation and Foundation for the Promotion of Software Products (F.P.S.P).
You have been selected as one oft he lucky winners in the ongoing GOOGLE Electronic Online Sweepstakes and you are entitled to $1,450,000.00 USD {One Million Four Hundred and Fifty Thousand} in your category.
For processing of your payment, you are required to send the following information immediately:
PAYMENT CLAIMS FORM
1) Your Full Names:
2) Your Contact Address:
3) Your Country/Nationality:
4) Y our Telephone/Mobile Number(s):
5) Occupation:
6) Age/Gender:
7) Private Email Address (OPTIONAL):
8) Ever Won An Online Lottery?
Your prize will be transferred to you through our accredited paying bank upon meeting the requirements. All Payments will be made to you through our accredited paying bank (ELECTRONIC SWIFT TRANSFER) to your bank account in your country without you coming down to our office.
Send your payment verification information via email to our Vice President and Foreign Payment Administrator
below:
...............................................................................................................
Name:Jon Alferness Vice President and Payment Administrator.
Email: jonalferness.vice@gmail.com ...............................................................................................................
NOTE!!! For security reasons, you are advised to keep this notification confidential as part of our precautionary measure to avoid double claims and unwarranted abuse of this program.
Sundar Pichai,
Chief Executive Officer, Google Inc.

Another malicious attachment (Official Winning Letter by Google and mastercard visa 2019.pdf) distributed via this email spam campaign:

Google Winner email spam campaign attachment Official Winning Letter by Google and mastercard visa 2019.pdf

Text presented within this PDF document:

Google Visa/MasterCard (GVMC) Award
Purchase Street, Purchase, NY 10577 United States.
Your e-mail address winning details:
- Award Batch No: GVMC/6736006577/2019
- E-Ticket No: 2970006736006577UK/US
- E-Grant Amount: £950,000.00
OFFICIAL WINNING NOTIFICATION LETTER
This is to inform you that you have been selected as a winner for using Google Services bythe E-mail
electronic online sweepstake organized by Google, in conjunction with the Foundation for the Promotion of
Software Products (F.P.S.P) and confirmed by our co-sponsors Visa®/MasterCard® International. You have
therefore beenawarded the sum of£950,000.00 with E-Ticket No: 2970006736006577UK/US. Be informed
that your prize has been insured and a Visa/MasterCard will be credited with the total sum won and
delivered to your designated address which you are to provide to your claim administrator. We do believe
with your prize, you will continue to be active in your usage of Google services and Visa/MasterCard
products.
Furthermore, your winning prize delivery logistics will be superintended by our European-regional
representative office as was indicated in your winning coupon slip. Your prize will be released to you upon
meeting the requirement of the promotion award board authority which includes your statutory obligations.
You are advised to contact our Foreign Payment Bureau with your Claims information as required below to
file your Claims:
CLAIMS FORM
1) Full Names:
2) Address:
3) Phone Number:
4) Age:
5) Occupation:
6) Private Email Address:
7) Ever Won An Online Lottery?
8) How satisfied are you with Google? (A=Very Satisfied; B=Satisfied; C=Unsatisfied)
Send all response via email to our Foreign Payment Bureau officer below:
----------
Name:David C. Drummond
Designation:Senior Vice President, Google.
Email: gukteamceo@googlemail.com
david.drummond.guk51@fastservice.com
----------
We value your right to privacy! Your information is 100% secured and will be used exclusively for the
purpose of this award only.
NOTE!!!Forsecurityreasons, youareadvised tokeepyourwinninginformationconfidential tillyourclaimsareprocessed andyourmoneyremittedtoyou. Thisispartofour precautionarymeasuretoavoiddouble
claimingandunwarranted abuseofthisprogram. PleasebeWARNED!!!!
Congratulations from the Staffs & Members of Google Visa/MasterCard (GVMC) Award International.
MD Ajay Banga, Larry Page
President &CEO, MasterCard Int. Co-Founder & CEO Google Inc.

Instant automatic removal of possible malware infections: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Spyhunter is a professional automatic malware removal tool that is recommended to get rid of possible malware infections. Download it by clicking the button below:
▼ DOWNLOAD Spyhunter By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Spyhunter.

Quick menu:

How to remove malware manually?

Manual malware removal is a complicated task - usually it is best to allow antivirus or anti-malware programs to do this automatically. To remove this malware we recommend using Spyhunter for Windows. If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove. Here is an example of a suspicious program running on a user's computer:

malicious process running on user's computer sample

If you checked the list of programs running on your computer, for example, using task manager, and identified a program that looks suspicious, you should continue with these steps:

manual malware removal step 1 Download a program called Autoruns. This program shows auto-start applications, Registry, and file system locations:

screenshot of autoruns application

manual malware removal step 2Restart your computer into Safe Mode:

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Windows 8 users: Start Windows 8 is Safe Mode with Networking - Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced startup options, in the opened "General PC Settings" window, select Advanced startup. Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.

Windows 8 Safe Mode with networking

Video showing how to start Windows 8 in "Safe Mode with Networking":

Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding "Shift" button on your keyboard. In the "choose an option" window click on the "Troubleshoot", next select "Advanced options". In the advanced options menu select "Startup Settings" and click on the "Restart" button. In the following window you should click the "F5" button on your keyboard. This will restart your operating system in safe mode with networking.

windows 10 safe mode with networking

Video showing how to start Windows 10 in "Safe Mode with Networking":

 

manual malware removal step 3Extract the downloaded archive and run the Autoruns.exe file.

extract autoruns.zip and run autoruns.exe

manual malware removal step 4In the Autoruns application, click "Options" at the top and uncheck the "Hide Empty Locations" and "Hide Windows Entries" options. After this procedure, click the "Refresh" icon.

Click 'Options' at the top and uncheck 'Hide Empty Locations' and 'Hide Windows Entries' options

manual malware removal step 5Check the list provided by the Autoruns application and locate the malware file that you want to eliminate.

You should write down its full path and name. Note that some malware hides process names under legitimate Windows process names. At this stage, it is very important to avoid removing system files. After you locate the suspicious program you wish to remove, right click your mouse over its name and choose "Delete".

locate the malware file you want to remove

After removing the malware through the Autoruns application (this ensures that the malware will not run automatically on the next system startup), you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the filename of the malware, be sure to remove it.

searching for malware file on your computer

Reboot your computer in normal mode. Following these steps should remove any malware from your computer. Note that manual threat removal requires advanced computer skills. If you do not have these skills, leave malware removal to antivirus and anti-malware programs. These steps might not work with advanced malware infections. As always it is best to prevent infection than try to remove malware later. To keep your computer safe, install the latest operating system updates and use antivirus software.

To be sure your computer is free of malware infections, we recommend scanning it with Spyhunter for Windows.

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

Removal Instructions in other languages
Malware activity

Global virus and spyware activity level today:

Medium threat activity
Medium

Increased attack rate of infections detected within the last 24 hours.

QR Code
possible malware infections QR code
A QR code (Quick Response Code) is a machine-readable code which stores URLs and other information. This code can be read using a camera on a smartphone or a tablet. Scan this QR code to have an easy access removal guide of possible malware infections on your mobile device.
We Recommend:

Get rid of possible malware infections today:

▼ REMOVE IT NOW with Spyhunter

Platform: Windows

Editors' Rating for Spyhunter:
Editors ratingOutstanding!

[Back to Top]

Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Spyhunter.