I’ve won the Google Prize! (Nope. Not Even Close)

Another scam in my mail this morning. And again, because it’s more important to educate email users than to avoid telling scammers what they did wrong, I’ll do just that. Here’s the email with only a minor edit in the email address:

Google Corporation®
Belgrave House,
76 Buckingham Palace Road,
London SW1W 9TQ,
United Kingdom.

NOT a Google prize notice.

We wish to congratulate you once again on this note, for being part of our winners selected this year. This promotion was set-up to encourage the active users of the Google search engine and the Google ancillary services. Hence we do believe with your winning prize, you will continue to be active and patronage to the Google search engine. Google is now the biggest search engine Worldwide and in an effort to make sure that it remains the most widely used search engine, we ran an online e-mail beta test which your email address won J950,000.00 GBP {Nine Hundred and Fifty Thousand Great British Pounds Sterling}.

A winning Cheque will be issued in your name by Google Promotion Board, and also a certificate of prize claims will be sent along side your winning Cheque. In your best interest to avoid mix up of numbers and names of any kind, we request that you keep the entire details of your award strictly from public notice until the process of transferring your claims has been completed, and your funds remitted to your account. This is part of our security protocol to avoid double claiming or unscrupulous acts by participants / non participants of this program. Kindly fill-in the verification and fund release form below.

VERIFICATION AND FUNDS RELEASE FORM.

(1) Your contact address:
(2) Your Tel/Fax numbers:
(3) Your Nationality/Country:
(4) Your Full Name:
(5) Sex:
(6) Occupation:
(7) Age:
(8) Ever won an online lottery?

Please contact your claims agent immediately for due processing and remittance of your prize money to file for your prize claim, kindly contact your CLAIMS agent.

CONTACT CLAIMS OFFICE:

Google Promotion Board
Dr. Brian Robinson
some address at…yahoo.co.jp

NOTE: For easy reference and identification, find below your reference and Batch numbers. Remember to quote these numbers in every one of your correspondence with your claims agent. Ref NO: GCS/G6I/88809, Batch: GUK/679/33/097I.

Congratulations once again from all our staff and thank you for being part of our promotions program.
Lawrence Page
Chairman of the Board and Chief Executive Officer.
©2012 Google Corporation.

So what tells me it’s a fraud, besides the obvious–Google doesn’t give away money like that?
Well, it was sent from a “reply-to” address of “…somebody’s name…@westnet.com.au.”
Westnet is an Australian Internet Service Provider. Google emails comes from google.com.

Next, the Yahoo email address in the letter, pointing to yahoo.co.jp
That’s Yahoo, so again, it’s somebody else’s email service, this time in Japan.

Next, there are 5 attachments. All of them are named “Google Note.pdf” and all of them are 69.1 Kb in size. Google doesn’t do that, either.

More clues:
There’s a Google logo, with a shadow, and a ‘TM’ symbol. Google doesn’t use either, and ‘TM’ is not the correct symbol, in any case. If Google were to choose to explicitly mark the trademark status, it would either be the circled-R ®, for Registered, or ‘SM’ for Service Mark. And the ® wouldn’t be in the physical mailing address–again, Google’s emails are consistent, and they don’t flag every single trademark in text.

The background of the logo is gray–again, not the Google style. There’s that “J” in front of the currency amount, and it’s in “Great British Pounds Sterling”, which is very much like saying “California Dollars”–while understandable, it’s clearly not written by a native of the United Kingdom. Another clue: “you will continue to be active and patronage to the Google search engine.” Probably means “and continue to patronize”.

For those who are more technical: There was no “To:” in the header–it’s a blind carbon copy, so the email went out in bulk. The sending IP resolves to the reply-to domain, but times out on a ping; it’s likely an infected PC, also known as a bot.

Now, the part that surprised me: The attachment is just another copy of the email, and not infectious. So it’s not malware; it’s only another scam that will likely result in either a demand for a delivery fee, or a bogus check and an overpayment request.

is webmaster at PC410.com and Startupware.com.