Your PPL invoice is attached – word doc or excel xls spreadsheet malware — 10 Comments

  1. It’s a bit disingenuous to say “PPLUK.COM […] are just innocent victims in exactly the same way as every recipient of these emails.” This only works because of PPL’s business practices – they contact small businesses and tells them that they owe PPL money because they play music to their staff. We field calls from them and PRS frequently, even though we always tell them that we don’t play music. In our experience both companies appear to ignore our telephone preference service listings, and even when we have told them that we don’t and never will play music, they continue to call and hassle us on a regular basis. This spam makes them a victim of their own aggressive practices, so in my opinion it does have a silver lining 🙂

  2. PPLUK have got the backing of some very spurious legislation which enables them to harass innocent companies. I have my suspicion that this data breach is an inside job. If they have given our company details to a Nigerian fraudster they will have a lot to answer for. PPLUK should be shut down because they are causing so much grief to innocent companies.

  3. I received one of these today and as I was expecting a real invoice from PPL I opened it. I did everything above that it says not to do with macros. By the time I saw that it was an .exe file, I had pressed OK and it was too late. I have run a virus check which shows no infection though. Any ideas?

  4. Hello Richard
    I too was expecting an invoice from PPL but because I got over 15 emails from these scammers I immediately got suspicious. Now that you have opened the .exe file contact Nigel Titcombe at PPL and really give it to him; he is the Operations Manager and if he has a single ounce of self respect he will give you compensation.

  5. Had this today at work and we had actually been awaiting a real invoice from PPL. I stupidly opened it on word 2003 (behind the times)….it said that the macros needed to be enabled. I went into, ‘macros’ and ‘run’ but nothing happened….then I decided to google and realised what I had done. I’ve checked with anti virus, anti malware, JRT, Adware remover and hitman pro…nothing found. Is it possible I am ok? I have also checked since and the macro security was set to high – which might mean that I didn’t fully open it?

    • same advice as I gave before
      You will be very likely to be infected
      do not do any banking or anything on that computer that involves passwords or logging in anywhere. Shut down the computer for several hours and give the antivirus companies a chance to update
      The quickest and most successful disinfection is normally

      You won’t see anything happen when you allow the macro to run. It all happens silently and invisibly behind the scenes. The first you know is when your bank account is emptied

    • Kirsty, I hope these Nigerians or Muslims have not already cleared your bank accounts. Please tell PPL immediately that they have ruined your life all because you like music (or talk shows). 🙁

      • These emails are being sent buy organised criminal gangs, a high proportion of which are based in Russia and Eastern Europe
        Although PPL are abhorrent to many of us, they are in no way responsible for this. The criminals take a legitimate email from ANY company and alter it slightly & spam it out
        Just look at hundreds of other examples on this site ranging from small companies selling kitchens to internet and phone companies to insurance and general invoices

        • dvk01 – thank you for your help. I got your reply once I returned from work and immediately contacted management to advise of what had happened – I had obviously been trying to fix something that all the scanning type programs could not see (at least for now) whilst I was there and probably should have hit the alert sooner – but wasn’t entirely sure if something was there or not.
          William – I take this very seriously. I understand you are annoyed with PPL, but I am more concerned with any implications this will have at my work place. Despite being treated very well for my idiotic mistake, I am still in a state of complete anxiety and panic – so comments like that are not helpful.

Leave a Reply

Your email address will not be published. Required fields are marked *