Category: Communications (Page 1 of 4)

The Text-Based EBT Scam

For anyone involved in SNAP or receiving EBT funds, please be aware of the following scam:

This is a text message that did NOT come from the government or any legitimate entity. It is the beginning of a scheme to steal your EBT funds.

If you receive this text, do NOT call the number. Do NOT respond to the text. Simply ignore, delete or block this message.

If someone calls the number in the text, a scammer will answer and pretend to be with the government. They will try to learn the caller’s EBT account info and PIN. Once they have those numbers, the crook will drain the funds from the person’s EBT account.

The legitimate people in charge of SNAP and EBT will never text you. If you need to contact them, find their official phone number on this list and call them. And if you have fallen victim to this scam, please call your state’s EBT Client ASAP to see if anything can be done.

Spam Text Messages

Here are options for dealing with spam received via text message:

Forward the Message to SPAM

When you get a spam text, forward it to 7726 (SPAM). This helps your carrier know about what spam is spreading where, and they’ll study the trends to prevent more spam from reaching you.

To forward a message on Apple devices, consider the section at this page titled “Forward older text messages.”

For Android devices, try these steps to forward a message any spam text to 7726.

Block the Sender

Most phones allow you to block a specific number from sending you texts. So when that annoying spam message arrives, block the sender’s number.

Here are the steps to block a text sender on iOS. On Android, try these steps or maybe these will help.

Note: If a spammer is spoofing your number, so that the text looks like it is coming from you, don’t block it. Just forward it to SPAM as described above, and contact your provider if it keeps happening.

Contact Your Provider

Each cellular provider offers different free tools for blocking unwanted calls and texts. If you are receiving a high level of spam messages, reach out to them. Ask them to review your account and phone settings, to be sure that all possible features are enabled, to block the maximum amount.

Report Spam to the Government

You are welcome to report unwanted communication (calls OR texts) to the FCC and the FTC. The DoNotCall Registry also wants your reports of spam.


Caveats

When acting on a spam text (to block it), take care to not tap on any attached files or links.

Do not reply to any spam text with any complaints or commentary. Do not try to unsubscribe, as this may create more spam for you!

5G Is Not the Same as 5G

Tech jargon is confusing enough as it is. But then some geniuses had to go and name two completely different technologies the same thing. Not helpful….

I’m referring to the label “5G”, which can be used regarding your home Wi-Fi or with cellphones. I continue to find that people conflate the two technologies when they have absolutely nothing to do with each other! So I’m going to try and clear this up:

5G Stands for Fifth Generation

When talking about telecommunications, 5G refers to the latest technology that makes your cellphones work. Right now, the fifth generation (5G) of technology is being rolled out in our country. The fourth generation (4G) is the existing cellular communications technology used in much of the country, and 3G & 2G technology is on its way out. The old 3rd gen and 2nd gen antennae and other hardware is being decommissioned and dismantled to make way for the new hotness that is 5G.

5G Stands for 5 Gigahertz (GHz)

By now, most households have Wi-Fi to spread your internet connection around to laptops, tablets and smartphones. And many of you may notice that your Wi-Fi router offers two network names, one that may end in “-5G”. This is merely to distinguish the two bands of frequency emanating from your device. Those two bands are 2.4Ghz and 5Ghz, the latter can be referred to as the “5G band.” If you want to read more on Wi-Fi frequency bands, this site has you covered.

Voice-to-Text Typing

Speak to your computer and have it type what you’re saying! Windows and MacOS have voice typing tools built-in and you just have to launch them for your speech to flow into whatever document you’re creating.

Windows Users would press Win + H to open the dictation tool.

Apple users can press the Fn button twice to launch their dictation tool.

Once started, you can have this tool enter your spoken words anywhere you see the input cursor flashing. Feel free to dictate into a Word doc or email or status field on Facebook. After you’re done dictating, feel free to go back and edit for punctuation by hand.

And if you ever have any trouble with these built-in tools, there are websites that offer similar tools. This Voice Notepad website is handy, because you can switch between dictation and typing more gracefully. When you’re done, simply copy the text and paste it elsewhere.

Mail2World’s 2022 Email Outage

On Wednesday, 1/12/2022, an email provider named Mail2World disappeared from the internet. They’re a modest company based in California that provides email for millions of people worldwide. They handle the email service for many different ISPs (including Shentel, Buckeye Broadband, and SRT), as well as for individuals and small businesses. Information on this outage was challenging to come by, so I’m going to chronicle what I saw and learned during this event, below.

Day One (January 12)

Around 7AM EST, all email service with Mail2World stopped. For the entire day, no answers were forthcoming. People calling their ISPs got only vague explanations: “Email is completely down, we have no ETR.”

Those that contacted Mail2World directly received an unprofessional response. I had hoped they would issue a press release or a Pinned Post on Facebook. But, ironically commenting on an older Facebook Post about “improving your chances of getting your email read,” Mail2World shared only a few vague tidbits. It was nothing informative (“Please be advised that we’re fully and diligently working on the current email service outage.”) and only aggravated their clients further.

Day Two (January 13)

With email still down, Mail2World told some ISPs to expect a 3PM EST recovery time. But that deadline came and went, and everyone had to face the fact that nothing would be restored this day.

A sharp-eyed Facebook commenter pointed out a breaking news story (alternate link) about a ransomware attack and suggested it might be relvant. I called the ISP mentioned in the story and got confirmation: Mail2World is their email provider, and a ransomware attack had brought down all of Mail2World.

Day Three (January 14)

The outage continued, but repair progress could be detected. Using DNS detection websites, people could see that Mail2World DNS entries were coming back online, across the globe. M2W had been completely absent from the world’s DNS servers for the first two days of this outage!

Repeatedly contacting Mail2World, I could only get the briefest assurance from M2W that no one data was compromised or stolen. And as more news reports about the ransomware attack emerged, that seemed to confirm that user data was safe through this debacle. Other ISPs started to report more details, as well.

After much teeth-grinding, Mail2World posted an non-update on their Facebook Page. Huzzah! And their sales website came back online, more progress!

Day Four (January 15)

Early in the morning, Shentel reported email service may be restored in the next 24 hours. By some estimates, that would be extremely quick and efficient, but not unheard of.

By mid-day, a rare few M2W email accounts were able to send out messages, although they arrived with security warnings and other malformations. Still, it showed further progress!

As Day Four drew to close, a few users reported in about email arriving to their Mail2World accounts. We couldn’t declare a complete recovery yet, but some people were able to send off a few messages, and verify that their old emails were once again available.

Day Five (January 16)

I woke to reports of Shentel (Virginia) email users happy with their restored accounts. Reports from other states (Indiana, South Dakota, Ohio) were varied, but most showed some signs of functionality. Other countries (Sweden, Australia, Mexico) also reported in about recovery, again varied, with some at full email ability, while others still hampered or limited.

This outage was mentioned over at Slashdot, but still hadn’t garnered any national or large-scale news coverage.

For my part, I recommended to anyone with fully-restored ISP email, to call into to their internet providers for a refund or credit. Since Mail2World would surely pay a penalty to their ISP clients for the outage, I reasoned that that money should be passed along to the ISP customers themselves. And my experience with many ISPs is that: If you don’t ask, you don’t get!

Day Six (January 17)

Today I found that most people worldwide have their basic M2W email service back. But there are some outliers that are still waiting, in Sweden or Mexico. These folks tend to be individuals that have enrolled in free email service directly with Mail2World. I can only guess that they are low-priority, and may have a much longer repair time than the blocks of email addresses repaired for the large ISP customers.

If you’re still waiting for an M2W repair, I can only tell you to hang in there, keep waiting and reach out to Mail2World repeatedly as time goes on. You can call them at +1 (310) 209-0060, visit their website, check them on Facebook, or find their Twitter feed. Good luck!

Epilogue (March 9)

Most everyone I know has moved on from this issue. But I am still disappointed. There are many questions left unanswered: What ransomware or criminal group caused this? Was the attack successful because of employee error or a zero-day exploit? Was the ransom paid or not?

For my part, I’ve pinged M2W for 2 months, through FB/Twitter/email/LinkedIn, asking for more info. And today, I got a phone call from one of their agents. He explained that the matter has been investigated, mitigated, resolved and put to bed. All informative reports have been finished and submitted… to the ISPs and involved companies.

He didn’t have any press releases or documentation for me. Or for the masses of email users out there. All of the “post-mortem” reports have been sent to Shentel, Buckeye Broadband and similar companies. And those big ISPs might not share that info with us little people, because, well… lawyers.

But this kind gentleman who called me reiterated: The ransomware attack did not expose anyone’s email info. He briefly mentioned that a 3rd-party vendor made a mistake and left a port open somewhere, and bad actors capitalized on the vulnerability. Now that all the forensics and investigation is through, M2W has improved their security and procedures to prevent this from happening again.

Scan QR Codes with Your Phone’s Camera

The title says it all, but I’ll go into more detail: When you see a QR code in public, use your cellphone’s camera on it.

If you open your camera and point it at a QR code, the camera software can “figure it out.” Watch for a clickable link on your screen (you do not need to actually take a picture). If you tap the link that appears, it will do whatever the QR code is programmed for (take you to a website, start an email, etc.).

Do NOT download and install any 3rd party app for QR code reading. Those apps are wholly unnecessary at this point, and can contain adware or worse.

USPS Operation Santa

The USPS needs your help! Their Operation Santa program has gone national this year, and they need generous people to help them answer letters sent to Santa.

This USPS program collects and posts Santa-letters from kiddos all over the USA. When you participate in the program, you can “adopt” a letter, respond to it appropriately and send a gift (as Santa) through regular USPS mail.

If you’re interested in fulfilling a child’s holiday wish, you should check out how it all works, as well as the FAQ, for this program. They’ve got all kinds of instructions and print-outs that make this easy to do.

Shentel Email Best Security Practices

Many of my clientele are in the Shenandoah Valley of Virginia, the home territory of an ISP named Shentel. And like many ISPs, Shentel provides free, courtesy email addresses to its subscribers. It’s like a mint on your pillow, except this mint needs some extra warnings on its wrapper and may give you some indigestion…

I can level a variety of criticisms against any ISP-provided email another time. For this post, I need to write on how Shentel customers can keep their email more secure. There are frequent scams targeting Shentel email addresses, and I want to help as many people as I can to tighten their defenses.

If you don’t have a Shentel email address, this post will not directly apply to you, but the overall security recommendations do. So please consider these points, and implement anything you are comfortable with!

Password Strength

I’ve helped with Shentel email users for almost 20 years now, and from the beginning, I’ve noticed Shentel doling out really weak passwords to their email addresses. In 2002, it was common for a brand-new Shentel email address to come with a 6-digit password. It was typically 3 letters (part of the person’s name), and 3 numbers (often the phone exchange of the user). To this day, I still encounter Shentel email addresses with these old, short passwords, like “abc465” and “joe933”.

If your email password is this short and simple, please change it now. Email thieves can determine such short passwords quickly, without hacking you or tricking you. There are password-guessing programs readily available on the dark web that anyone buy and use for this. And once they guess your password, they can use your email to start scamming your friends and family, or worse.

Changing your Shentel email password is easy, especially if you know your current password.

  • Go to the Shentel Webmail website and login with your email credentials.
  • Click the cogwheel icon to the upper-right.
  • When the Settings screen appears, click Password.
  • Type in your old password and then enter a new password on the next two fields.
  • Click Save and you are done!

Try to choose a password that is 8 or more characters long, and use a capital letter, a number and a special symbol. An example of a strong password is: Maverick20#21 .

If you do not remember your Shentel password, call Shentel at 1-800-SHENTEL and ask their tech support to change your password over the phone.

Recovery Options

If your password is strong enough, you should still visit Shentel’s Webmail website. Shentel is starting to implement Password Recovery Options for its email users, but you won’t see these if you use Outlook, Thunderbird or a Mail app to see your messages. You must go to their Webmail site!

When you visit that site nowadays, you will be prompted to set a recovery email and recovery phone number. Fill out and satisfy these items as best you can, and call Shentel for assistance if there’s any difficulty. These are important to do! If some bad actor invades your email next month, these will help you more quickly to regain control of your account.

Request 2FA to Be Implemented

The best security tool to prevent email abuse is 2FA. This stands for two-factor authentication, and adds an extra layer to the login process for an account. When you use 2FA, you first login using your password, and next have to enter a token or code sent to your mobile number or other security device. If someone steals your email password, the second step will block them from accessing your account.

Shentel does not offer 2FA on their email accounts and has a hard time answering my most basic questions about it. But many other email providers do offer 2FA. If you are going to stick with your Shentel email address, you might reach out to Shentel to ask them to consider adding this security feature. It would greatly reduce the number of hacked Shentel email accounts!

When In Doubt, Pick Up the Phone

If you receive an email, and something doesn’t seem right, take your hand off the mouse. Take a moment to think about what isn’t sitting right with you, and contact someone without using that email in front of you.

That means: if you want to contact Shentel, dial 1-800-SHENTEL or any support number that is printed on their bills. Do not use any number in the fishy email! Contact info showing in a suspicious email will often put you in touch with criminals. And those guys will be all too happy to pretend that they are with whatever company you say you’re trying to reach.

If you can’t reach the company for advice, call someone else. Talk to a trusted friend, police officer, church pastor or relative. Or drop me a line for a second opinion, I am happy to sound off on all things, legitimate and scammy! You’re even welcome to forward odd emails to me, and I will quickly write you back with my verdict of them.

Don’t Panic: Pegasus Spyware

There’s a lot of news about the powerful spyware named Pegasus. And it is some nasty stuff, being able to infect a phone without anyone clicking anything! You can read about some basics about Pegasus here.

Unfortunately, this is one of those news topics where the media can be more inciteful than insightful. For example, the NYTimes has a long write-up on Pegasus that might make you a little anxious to read. By the 6th paragraph, they mention that “more than 1.65 billion Apple products in use worldwide have been vulnerable”. They don’t mention what you should do until the final (33rd) paragraph.

What should you do? Try my two-step plan:

1) Don’t Panic. 2) Update your iPhone.

The first step is because you’re probably not affected by Pegasus. This spyware, while it can do everything it says on the tin, was probably not something that was unleashed on the entire world. Instead, researchers are fairly sure that it was deliberately used against specific people. World leaders, politicians, activists or billionaires were the likely targets.

I’ll go out on a limb and wager that most of my readers don’t fit those categories. And for any who is a Pegasus target, they’ve probably already had their iPhone replaced or wiped.

Anyhow, the second step is what can give you full peace of mind, and may have already happened automagically. Many iDevices update on their own, and the latest iOS 14.8 update will patch iPhones against Pegasus. So go ahead and check for updates on your iPhone, and then put this nasty business out of your mind.

PS: Android phones might also be vulnerable to Pegasus, but the news media is not reporting a whole lot on that. I still recommend you Don’t Panic.

PPS: Yes, you can check your iPhone for Pegasus, but it rather involved and possibly not worth the effort. Still, if you are interested, here’s one method that appears to have no cost associated with it. I do not see any way to check an Android phone for Pegasus.

iPhone Profiles and How to Remove Them

Smartphones are pretty well-defended against viruses, but there are a few ways to abuse them that avoid detection. One of the ways that iPhones get hijacked is through “Profiles”.

The Profiles part of the iOS is typically only used by employers or schools on iPhones that they assign to their staff. For some companies, there is a legitimate purpose for installing Profiles on iPhones. iPhone Profiles might help them monitor the phones and how they are used.

But on a personal or store-bought iPhone, you should never see any Profiles in the Settings panel. The presence of Profile on your personal iPhone is a sign of spyware. Some apps or websites may sneak a Profile onto an iPhone, for the purpose of collecting or sending info from your phone without you knowing. An unknown Profile can turn your iPhone into a keystroke collector or spam relay!

The good news is that Profiles are easy to check for and remove, if any are present. For most iPhones, you may open your Settings icon and tap on General. Scroll up and down, looking for Profiles. If you cannot find Profiles on the General menu, then none are present on the phone and you are clean! But if you do see Profiles, tap on it and remove anything listed inside.

« Older posts

© 2022 BlueScreen Computer

Theme by Anders NorenUp ↑