Google Winner Email Scam

Also Known As: possible malware infections
Distribution: Moderate
Damage level: Severe

"Google winner email scam" removal guide

What is "Google winner email scam"?

The "Google winner" scam is distributed using a spam email campaign that tricks people into believing that they have won £950,000.00. In fact, this particular email steals private information by leading users to websites where they are asked to enter login details, passwords, etc. These emails are often used to distribute malicious programs. Therefore, do not trust "Google winner" and other similar scams - ignore them.

Google winner spam campaign

Scammers present the "Google winner" email as a winning notification message. It states that the recipient has been selected as a winner of £950,000.00 for actively using Google services (Google search engine, Gmail, Maps, etc.). To claim the prize, users are encouraged to contact the Foreign Payment Bureau via and provide them with details such as full name, contact address, country and nationality, telephone/mobile telephone, occupation, age and gender, and private email address. People are urged to keep their winning information confidential until the claim is processed and prize is remitted. As mentioned above, this is simply a scam and you should not contact these scammers via the email address or send your details. Note that Google has nothing to do with this fake online lottery. As part of the scam, people are provided with a web link to a site where they are asked to enter their login details and passwords - this is how scammers use this particular scam to steal personal details.

There are many scammers who use a number of different spam campaigns. Some examples of other similar scams are Looked At You For Several Months, I Am A Spyware Software Developer, and Services Which Actually I Sell In Darknet. In most cases, they attempt to extort money from regular users, however, some spam campaign infect computers with high-risk viruses such as TrickBot, Emotet, AZORult, Adwind, and so on. In these cases, people receive emails that contain malicious attachments (or web links leading to such documents). Attached documents are usually Microsoft Office documents (Word, Excel, and others), PDF files, archive files such as RAR, ZIP, executable files, and so on. The purpose of these malicious attachments is to install computer infections that steal personal data (passwords, logins, banking details, etc.) and cause problems relating to privacy, browsing safety financial losses, and other problems. Furthermore, the aforementioned viruses also spread other infections such as ransomware.

We receive a great deal of feedback from concerned users about this type of scam email. Here is the most popular question we receive (in this case, relating to a scam that claims to have obtained compromising videos or photos of the user):

Q: Hi team, I received an email stating that my computer was hacked and they have a video of me. Now they are asking for a ransom in Bitcoins. I think this must be true because they listed my real name and password in the email. What should I do?

A: Do not worry about this email. Neither hackers nor cyber criminals have infiltrated/hacked your computer and there is no video of you watching pornography. Simply ignore the message and do not send any Bitcoins. Your email, name, and password was probably stolen from a compromised website such as  Yahoo (these website breaches are common). If you are concerned, you can check if your accounts have been compromised by visiting haveibeenpwned website.

How do spam campaigns infect computers?

Malicious attachments presented in emails sent by scammers (cyber criminals) infect computers only when they are opened/executed. Therefore, manual intervention by a recipient is required. If the attached file is a Microsoft Office documents, once it is downloaded and opened, it asks for permission to enable macro commends. Enabling them allows the downloaded malicious attachment to install a computer infection. If the attached file is an archive file, it will first need to be extracted. This will probably contain an executable file (.exe) that, once executed, will install a malicious program. In any case, malicious files (attachments) presented in spam email campaigns cannot do any harm unless they are opened.

How to avoid installation of malware?

Ignore irrelevant emails received from unknown/untrustworthy email addresses. If an email contain an attachment (or web link), do not open it. Download software using official and trustworthy websites (or other sources). This does not include various peer-to-peer networks (torrents, eMule and so on), third party downloaders, etc. Download and install software with care. Do not skip download/installation set-up steps without checking "Custom", "Advanced", and other similar settings or options. Opt-out of any offers to install additional software and only then finish the download/installation. Update software using implemented functions or tools provided by official software developers only. Never use third party software updaters, since these are often dubious and install malicious programs. Use a Microsoft Office suite version no earlier than 2010: newer versions have "Protected View" mode, which prevents downloaded malicious documents from installing computer infections. If you have already opened malicious attachments, we recommend running a scan with Spyhunter for Windows to automatically eliminate infiltrated malware.

Text presented in the "Google winner" email message:

Dear Google User.
You have been selected as a winner for using Google services, attached to this email is Our Official Notification Letter for your perusal.
Larry Page,

 Screenshot of the PDF document presented in "Google winner" scam:

pdf file presented in Google winner scam

Text presented in PDF document:

Google UK Ltd
Belgrave House
76 Buckingham Palace Road London SW1W 9TQ United Kingdom.
Ref No: GAAP/ 5653/657/2018 Batch: GAAP/ 563/GAPRO/UK
We wish to congratulate you over your success in the official publication of results of the E-mail electronic online sweepstake organized by Google Inc., in conjunction with VisaÆ/MasterCardÆ International and confirmed by our co- sponsors the Foundation for the Promotion of Software Products (F.P.S.P). Over the years Google earns itsí profit mainly from advertising using their very own Google search engine, Gmail, Gala, Sify e-mail services, Google Maps, Google Apps, Orkut social networking and You Tube video sharing, which are all offered to the public for free.
Due to your active use of Google services, you have been selected as one of the Ten (10) winners in the ongoing E- mail Electronic Online Sweepstakes. Hence we believe with your prize, you will continue to be active in your patronage to Google and its Products, we wish to inform you that you are entitled to £950,000.00 GBP {Nine Hundred and Fifty Thousand British Pounds}. A Bank Draft will be issued in your name by our Foreign Payment Bureau and also a Certificate of prize claim will be processed alongside your Bank Draft. All Payments will be made to you through our accredited paying bank (ELECTRONIC SWIFT TRANSFER) to your bank account in your country without you coming down to United Kingdom.
Your prize will be transferred to you upon meeting the requirements of the British Lottery Commission which includes your statutory obligations. You are advised to contact our Foreign Payment Bureau with the details below:
1) Your Full Names:
2) Your Contact Address:
3) Your Country/Nationality:
4) Your Telephone/Mobile Number(s):
5) Occupation:
6) Age/Gender:
7) Private Email Address (OPTIONAL):
8) Ever Won An Online Lottery?
Google values your right to privacy! Your information is 100% secured and will be used exclusively for the purpose of this award only.
Send all response via email to our Foreign Payment Bureau officer below:

Name: Brian Carter
Senior Vice President and Chief Legal

NOTE!!! For security reasons, you are advised to keep your winning information confidential till your claims are processed and your winning prize remitted to you through our accredited paying bank. This is part of our precautionary measure to avoid double claims and unwarranted abuse of this program please be WARNED!!!!
Congratulations from the Staffs & Members of Google Anniversary Award Team.

Larry Page,
©Copyright 2018 Google Incorporation. All rights reserved.

Instant automatic removal of possible malware infections: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Spyhunter is a professional automatic malware removal tool that is recommended to get rid of possible malware infections. Download it by clicking the button below:
▼ DOWNLOAD Spyhunter By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Spyhunter.

Quick menu:

How to remove malware manually?

Manual malware removal is a complicated task - usually it is best to allow antivirus or anti-malware programs to do this automatically. To remove this malware we recommend using Spyhunter for Windows. If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove. Here is an example of a suspicious program running on a user's computer:

malicious process running on user's computer sample

If you checked the list of programs running on your computer, for example, using task manager, and identified a program that looks suspicious, you should continue with these steps:

manual malware removal step 1 Download a program called Autoruns. This program shows auto-start applications, Registry, and file system locations:

screenshot of autoruns application

manual malware removal step 2Restart your computer into Safe Mode:

Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.

Safe Mode with Networking

Video showing how to start Windows 7 in "Safe Mode with Networking":

Windows 8 users: Start Windows 8 is Safe Mode with Networking - Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced startup options, in the opened "General PC Settings" window, select Advanced startup. Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.

Windows 8 Safe Mode with networking

Video showing how to start Windows 8 in "Safe Mode with Networking":

Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding "Shift" button on your keyboard. In the "choose an option" window click on the "Troubleshoot", next select "Advanced options". In the advanced options menu select "Startup Settings" and click on the "Restart" button. In the following window you should click the "F5" button on your keyboard. This will restart your operating system in safe mode with networking.

windows 10 safe mode with networking

Video showing how to start Windows 10 in "Safe Mode with Networking":


manual malware removal step 3Extract the downloaded archive and run the Autoruns.exe file.

extract and run autoruns.exe

manual malware removal step 4In the Autoruns application, click "Options" at the top and uncheck the "Hide Empty Locations" and "Hide Windows Entries" options. After this procedure, click the "Refresh" icon.

Click 'Options' at the top and uncheck 'Hide Empty Locations' and 'Hide Windows Entries' options

manual malware removal step 5Check the list provided by the Autoruns application and locate the malware file that you want to eliminate.

You should write down its full path and name. Note that some malware hides process names under legitimate Windows process names. At this stage, it is very important to avoid removing system files. After you locate the suspicious program you wish to remove, right click your mouse over its name and choose "Delete".

locate the malware file you want to remove

After removing the malware through the Autoruns application (this ensures that the malware will not run automatically on the next system startup), you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the filename of the malware, be sure to remove it.

searching for malware file on your computer

Reboot your computer in normal mode. Following these steps should remove any malware from your computer. Note that manual threat removal requires advanced computer skills. If you do not have these skills, leave malware removal to antivirus and anti-malware programs. These steps might not work with advanced malware infections. As always it is best to prevent infection than try to remove malware later. To keep your computer safe, install the latest operating system updates and use antivirus software.

To be sure your computer is free of malware infections, we recommend scanning it with Spyhunter for Windows.