Category: Email (Page 1 of 2)

Mail2World’s 2022 Email Outage

On Wednesday, 1/12/2022, an email provider named Mail2World disappeared from the internet. They’re a modest company based in California that provides email for millions of people worldwide. They handle the email service for many different ISPs (including Shentel, Buckeye Broadband, and SRT), as well as for individuals and small businesses. Information on this outage was challenging to come by, so I’m going to chronicle what I saw and learned during this event, below.

Day One (January 12)

Around 7AM EST, all email service with Mail2World stopped. For the entire day, no answers were forthcoming. People calling their ISPs got only vague explanations: “Email is completely down, we have no ETR.”

Those that contacted Mail2World directly received an unprofessional response. I had hoped they would issue a press release or a Pinned Post on Facebook. But, ironically commenting on an older Facebook Post about “improving your chances of getting your email read,” Mail2World shared only a few vague tidbits. It was nothing informative (“Please be advised that we’re fully and diligently working on the current email service outage.”) and only aggravated their clients further.

Day Two (January 13)

With email still down, Mail2World told some ISPs to expect a 3PM EST recovery time. But that deadline came and went, and everyone had to face the fact that nothing would be restored this day.

A sharp-eyed Facebook commenter pointed out a breaking news story (alternate link) about a ransomware attack and suggested it might be relevant. I called the ISP mentioned in the story and got confirmation: Mail2World is their email provider, and a ransomware attack had brought down all of Mail2World.

Day Three (January 14)

The outage continued, but repair progress could be detected. Using DNS detection websites, people could see that Mail2World DNS entries were coming back online, across the globe. M2W had been completely absent from the world’s DNS servers for the first two days of this outage!

Repeatedly contacting Mail2World, I could only get the briefest assurance from M2W that no one’s data was compromised or stolen. And as more news reports about the ransomware attack emerged, that seemed to confirm that user data was safe through this debacle. Other ISPs started to report more details, as well.

After much teeth-grinding, Mail2World posted a non-update on their Facebook Page. Huzzah! And their sales website came back online, more progress!

Day Four (January 15)

Early in the morning, Shentel reported email service may be restored in the next 24 hours. By some estimates, that would be extremely quick and efficient, but not unheard of.

By mid-day, a rare few M2W email accounts were able to send out messages, although they arrived with security warnings and other malformations. Still, it showed further progress!

As Day Four drew to a close, a few users reported in about email arriving to their Mail2World accounts. We couldn’t declare a complete recovery yet, but some people were able to send off a few messages, and verify that their old emails were once again available.

Day Five (January 16)

I woke to reports of Shentel (Virginia) email users happy with their restored accounts. Reports from other states (Indiana, South Dakota, Ohio) were varied, but most showed some signs of functionality. Other countries (Sweden, Australia, Mexico) also reported in about recovery, again varied, with some at full email ability, while others were still hampered or limited.

This outage was mentioned over at Slashdot, but still hadn’t garnered any national or large-scale news coverage.

For my part, I recommended that anyone with fully-restored ISP email call in to their internet provider for a refund or credit. Since Mail2World would surely pay a penalty to their ISP clients for the outage, I reasoned that that money should be passed along to the ISP customers themselves. And my experience with many ISPs is that: If you don’t ask, you don’t get!

Day Six (January 17)

Today I found that most people worldwide have their basic M2W email service back. But there are some outliers that are still waiting, in Sweden or Mexico. These folks tend to be individuals that have enrolled in free email service directly with Mail2World. I can only guess that they are low-priority, and may have a much longer repair time than the blocks of email addresses repaired for the large ISP customers.

If you’re still waiting for an M2W repair, I can only tell you to hang in there, keep waiting and reach out to Mail2World repeatedly as time goes on. You can call them at +1 (310) 209-0060, visit their website, check them on Facebook, or find their Twitter feed. Good luck!

Epilogue (March 9)

Most everyone I know has moved on from this issue. But I am still disappointed. There are many questions left unanswered: What ransomware or criminal group caused this? Was the attack successful because of employee error or a zero-day exploit? Was the ransom paid or not?

For my part, I’ve pinged M2W for 2 months, through FB/Twitter/email/LinkedIn, asking for more info. And today, I got a phone call from one of their agents. He explained that the matter has been investigated, mitigated, resolved and put to bed. All informative reports have been finished and submitted… to the ISPs and involved companies.

He didn’t have any press releases or documentation for me. Or for the masses of email users out there. All of the “post-mortem” reports have been sent to Shentel, Buckeye Broadband and similar companies. And those big ISPs might not share that info with us little people, because, well… lawyers.

But this kind gentleman who called me reiterated: The ransomware attack did not expose anyone’s email info. He briefly mentioned that a 3rd-party vendor made a mistake and left a port open somewhere, and bad actors capitalized on the vulnerability. Now that all the forensics and investigation is through, M2W has improved their security and procedures to prevent this from happening again.

Shentel Email Best Security Practices

Many of my clientele are in the Shenandoah Valley of Virginia, the home territory of an ISP named Shentel. And like many ISPs, Shentel provides free, courtesy email addresses to its subscribers. It’s like a mint on your pillow, except this mint needs some extra warnings on its wrapper and may give you some indigestion…

I can level a variety of criticisms against any ISP-provided email another time. For this post, I need to write on how Shentel customers can keep their email more secure. There are frequent scams targeting Shentel email addresses, and I want to help as many people as I can to tighten their defenses.

If you don’t have a Shentel email address, this post will not directly apply to you, but the overall security recommendations do. So please consider these points, and implement anything you are comfortable with!

Password Strength

I’ve helped Shentel email users for almost 20 years now, and from the beginning, I’ve noticed Shentel doling out really weak passwords to their email addresses. In 2002, it was common for a brand-new Shentel email address to come with a 6-character password. It was typically 3 letters (part of the person’s name), and 3 numbers (often the phone exchange of the user). To this day, I still encounter Shentel email addresses with these old, short passwords, like “abc465” and “joe933”.

If your email password is this short and simple, please change it now. Email thieves can determine such short passwords quickly, without hacking you or tricking you. There are password-guessing programs readily available on the dark web that anyone can buy and use for this. And once they guess your password, they can use your email to start scamming your friends and family, or worse.

Changing your Shentel email password is easy, especially if you know your current password.

  • Go to the Shentel Webmail website and login with your email credentials.
  • Click the cogwheel icon to the upper-right.
  • When the Settings screen appears, click Password.
  • Type in your old password and then enter a new password on the next two fields.
  • Click Save and you are done!

Try to choose a password that is 8 or more characters long, and use a capital letter, a number and a special symbol. An example of a strong password is: Maverick20#21 .

If you do not remember your Shentel password, call Shentel at 1-800-SHENTEL and ask their tech support to change your password over the phone.
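To put numbers on why the old 3-letters-plus-3-numbers passwords fall so quickly, here is an added example (not from Shentel or the original post) that counts how many candidates share a password's layout and checks it against the recommendation above. The 32-symbol alphabet is an assumption taken from Python's string.punctuation.

```python
import math
import string

# Alphabet size per character class. Anything that is not an ASCII letter or
# digit is counted as one of the 32 ASCII symbols (assumption of this sketch).
CLASS_SIZES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
)
SYMBOLS = len(string.punctuation)  # 32


def structure_keyspace(password):
    """Count the passwords that share this one's layout.

    Each position contributes the size of its character class, so this is
    the number of guesses needed by someone who already knows the pattern
    (for example "3 letters then 3 numbers"). It is a worst case for the
    defender, not a strength score.
    """
    total = 1
    for ch in password:
        for alphabet, size in CLASS_SIZES:
            if ch in alphabet:
                total *= size
                break
        else:
            total *= SYMBOLS
    return total


def meets_recommendation(password):
    """The post's advice: 8+ characters, a capital, a number and a symbol."""
    return (
        len(password) >= 8
        and any(c in string.ascii_uppercase for c in password)
        and any(c in string.digits for c in password)
        and any(c in string.punctuation for c in password)
    )


def report(passwords):
    """Return (password, candidates, bits, meets_recommendation) per entry."""
    rows = []
    for pw in passwords:
        space = structure_keyspace(pw)
        rows.append((pw, space, round(math.log2(space), 1), meets_recommendation(pw)))
    return rows


if __name__ == "__main__":
    # Passwords quoted in the post itself.
    for pw, space, bits, ok in report(["abc465", "joe933", "Maverick20#21"]):
        print(f"{pw:15} {space:>22,} candidates  ~{bits} bits  recommended={ok}")
```

The old-style passwords land at about 17.6 million candidates each, and fewer still when the letters come from the owner's name and the numbers from a local phone exchange.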

Recovery Options

If your password is strong enough, you should still visit Shentel’s Webmail website. Shentel is starting to implement Password Recovery Options for its email users, but you won’t see these if you use Outlook, Thunderbird or a Mail app to see your messages. You must go to their Webmail site!

When you visit that site nowadays, you will be prompted to set a recovery email and recovery phone number. Fill out and satisfy these items as best you can, and call Shentel for assistance if there’s any difficulty. These are important to do! If some bad actor invades your email next month, these will help you more quickly to regain control of your account.

Request 2FA to Be Implemented

The best security tool to prevent email abuse is 2FA. This stands for two-factor authentication, and adds an extra layer to the login process for an account. When you use 2FA, you first login using your password, and next have to enter a token or code sent to your mobile number or other security device. If someone steals your email password, the second step will block them from accessing your account.

Shentel does not offer 2FA on their email accounts and has a hard time answering my most basic questions about it. But many other email providers do offer 2FA. If you are going to stick with your Shentel email address, you might reach out to Shentel to ask them to consider adding this security feature. It would greatly reduce the number of hacked Shentel email accounts!

When In Doubt, Pick Up the Phone

If you receive an email, and something doesn’t seem right, take your hand off the mouse. Take a moment to think about what isn’t sitting right with you, and contact someone without using that email in front of you.

That means: if you want to contact Shentel, dial 1-800-SHENTEL or any support number that is printed on their bills. Do not use any number in the fishy email! Contact info showing in a suspicious email will often put you in touch with criminals. And those guys will be all too happy to pretend that they are with whatever company you say you’re trying to reach.

If you can’t reach the company for advice, call someone else. Talk to a trusted friend, police officer, church pastor or relative. Or drop me a line for a second opinion, I am happy to sound off on all things, legitimate and scammy! You’re even welcome to forward odd emails to me, and I will quickly write you back with my verdict of them.

Periods & Plus Signs in Gmail Addresses

Email addresses are generally case-insensitive, that is, it doesn’t matter if you use capital or lower-case letters. But Google has a few more tricks up its Gmail sleeve.

Periods: In any Gmail address, periods are ignored. So feel free to add periods anywhere in the username portion, if it makes your email address easier to read or understand.

As far as Google is concerned, joedfragmented@gmail.com is the same as joe.d.fragmented@gmail.com is the same as Joe.D.Frag.Mented@gmail.com . But one may look better than another on a resume, while another may be easier to relay over the phone, so choose appropriately!

Plus Signs: Plus Signs are also ignored in any Gmail address, along with anything that comes after the plus sign, up to the @ symbol. That means you can customize your email address with any words you like.

Betsy.NoSpam@gmail.com might be your address, but feel free to use:

  • Betsy.NoSpam+fundraiser@gmail.com
  • Betsy.NoSpam+whitehouse@gmail.com
  • Betsy.NoSpam+amazon@gmail.com

Messages sent to those extra addresses will still get through to you at your normal address. But the Plus Sign info will still be visible to you on the mail you receive. You can use this tool to know when someone is sharing or selling your info. And you can also use this in writing email rules!

Let’s say you give out Betsy.NoSpam+lottery@gmail.com for a contest. And after you didn’t win anything, you noticed a lot of spam coming in, sent to that +lottery-address. In Gmail (or your mail client), you could then write a Rule or Filter to auto-delete everything sent to that particular address.
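The same period and plus-sign rules can be applied in a script to see which tagged address is attracting junk. This is an added example, not part of the original post; the list of spam recipients is constructed, and only gmail.com is treated specially because other providers may handle periods and plus signs differently.

```python
from collections import Counter
from email.utils import parseaddr

GMAIL_DOMAINS = {"gmail.com"}  # the only domain the post describes


def split_gmail(address):
    """Return (canonical_address, tag) using the rules described above.

    Case is ignored, periods in the username are ignored, and a plus sign
    with everything after it (up to the @) is ignored for delivery. The tag
    is returned separately so it can still be inspected.
    """
    _, addr = parseaddr(address)
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    local, domain = local.lower(), domain.lower()
    if domain not in GMAIL_DOMAINS:
        return f"{local}@{domain}", None
    base, _, tag = local.partition("+")
    base = base.replace(".", "")
    if not base:
        raise ValueError(f"empty username: {address!r}")
    return f"{base}@{domain}", tag or None


def leaked_tags(spam_recipients, my_address):
    """Count spam per plus-tag for mail that was really addressed to me."""
    mine, _ = split_gmail(my_address)
    counts = Counter()
    for rcpt in spam_recipients:
        try:
            canonical, tag = split_gmail(rcpt)
        except ValueError:
            continue  # skip malformed entries instead of aborting the tally
        if canonical == mine:
            counts[tag or "(no tag)"] += 1
    return counts


# Constructed sample: the "To" addresses seen on a batch of junk mail.
SAMPLE_SPAM_RECIPIENTS = [
    "Betsy.NoSpam+lottery@gmail.com",
    "betsynospam+lottery@gmail.com",
    "BETSY.NOSPAM+LOTTERY@GMAIL.COM",
    "Betsy.NoSpam+amazon@gmail.com",
    "Betsy.NoSpam@gmail.com",
    "someone.else+lottery@gmail.com",
    "not-an-address",
]

if __name__ == "__main__":
    tally = leaked_tags(SAMPLE_SPAM_RECIPIENTS, "Betsy.NoSpam@gmail.com")
    for tag, count in tally.most_common():
        print(f"{tag:10} {count}")
```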

Shentel Email Scam for April 2021

Shentel Email users, beware the latest email scam coming to your inboxes:

Phishing Email that shows the Shentel name

This message is not from Shentel! If you look closely, you’ll see it came from an odd address ending in “buckeye-express.com”. DO NOT CLICK the Update button, as it will take you to a deceptive website.

I’ll show that website here, without putting you at any risk:

Phishing Website that uses the Shentel name and logo

At a quick glance, this site looks legit, because they’ve stolen the Shentel logo, as well as the new Shentel Webmail icon. And the URL (web address) even has “Shentel” in it. It all feels very familiar…. But a Weebly.com address is something anyone can create, so this website was created by a bad actor. A true Shentel website would end in “shentel.net” or “shentel.com”.

If you received this message and went to this website, I hope that you didn’t fill out the fields. Anyone who types in an email and password on that site is actually delivering their logon credentials directly to some scammers. They will immediately log into your Shentel email at their true webmail site, and start abusing your address. I don’t yet know what these guys are up to, but email phishers often start emailing everyone in your address book with other ploys and lies.

If your email has been compromised, call Shentel immediately at 1-800-SHENTEL, and ask their tech support to change your password and inspect your account for other nefarious changes. And if you need any extra help, consider BlueScreen Computer as your backup option!
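The two tells described above (a sender address outside Shentel's domains, and a link whose name contains “Shentel” but whose site is hosted elsewhere) can be checked mechanically. This is an added example, not Shentel's or the original post's code; both sample messages are constructed, and the mailbox names and the weebly.com hostname are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

LEGIT_DOMAINS = ("shentel.net", "shentel.com")  # the endings named in the post


def under_legit_domain(host):
    """True only if host is a legitimate domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def check_message(raw, brand="shentel"):
    """Return a list of (kind, host) findings for one raw email."""
    msg = message_from_string(raw)
    findings = []

    # 1. The message uses the brand name but is mailed from another domain.
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", ""))
    claims_brand = brand in display.lower() or brand in subject.lower()
    if claims_brand and not under_legit_domain(sender_host):
        findings.append(("sender", sender_host))

    # 2. Links whose host is not a Shentel domain, even when the brand name
    #    appears somewhere in the address.
    seen = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in re.findall(r"https?://[^\s\"'<>]+", text):
            host = urlsplit(url).hostname or ""
            if host not in seen and not under_legit_domain(host):
                seen.add(host)
                findings.append(("link", host))
    return findings


# Constructed samples; mailbox names and the weebly hostname are placeholders.
PHISH = """\
From: Shentel Webmail <placeholder@buckeye-express.com>
To: user@example.net
Subject: Update your Shentel account

Click Update: https://shentel-placeholder.weebly.com/
"""

LEGIT = """\
From: Shentel <placeholder@shentel.net>
To: user@example.net
Subject: Your Shentel bill

View it at https://www.shentel.com/
"""

if __name__ == "__main__":
    print(check_message(PHISH))
    print(check_message(LEGIT))
```

The check compares the end of the hostname rather than searching for the word “shentel”, so an address such as shentel.net.example.com is still treated as foreign.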

Unify Your AOL Inbox

AOL users may be used to a bifurcated inbox, that shows New Mail and Old Mail. Not everyone is happy with this inbox behavior, because as soon as you view and close a new message, it vanishes. The now-closed message automatically hops from New to Old, and you’ll have to switch folders to find it again.

AOL allows you to unify your inbox, so that it shows all of your mail in one Inbox, just like most other webmails. Here’s how to turn that option on:

  1. Go to your AOL Mail in any browser.
  2. Click Options in the upper-right corner, and then click Mail Settings.
  3. Scroll down to find Inbox Style, and select the bubble for Use Unified Inbox Style.
  4. Scroll to the bottom and click Save Settings.

With one folder for all your inbox emails, every message will now stay put in the list, after you close it.

Hide Google Meet in Gmail

Google really wants everyone to try out Google Meet. So they built it into their Gmail page design, some months ago. Google Meet probably roosts in the lower-left corner when you visit Gmail.com on your computer.

But not everyone uses Google Meet. And some people want that valuable screen real estate back, for their email folder list! So here’s how to remove Meet from Gmail:

  • Open your computer’s web browser and go to Gmail.com.
  • Click the Settings cogwheel icon to the upper-right, and then click See All Settings.
  • Look across the section headings, and click Chat and Meet.
  • Click the bubble next to “Hide the Meet section…”. (And if you don’t use Hangouts, you can turn that off here, as well!)
  • Click the Save Changes button, and then reload your Gmail page.

If you make use of this tip, you can still use Google Meet. Simply go to the Google Meet website, or reverse these steps to bring back Meet to your Gmail page.

Recovering Permanently Deleted Emails

It is common for a scammer to delete things after they compromise someone’s email account. After recovering a stolen email account, you may notice that your Inbox is empty, or your address book has nothing in it. Checking the Trash folder, you’ll probably find nothing there, as well. They’ve covered their tracks, adding more insult to injury.

But in some cases, there is a chance to recover what’s been deleted, even though the Trash folder has been emptied. Each email provider has different avenues for you to try to “roll back time” or resurrect your lost items. In all cases, time is of the essence, so take immediate action for the best chance at recovery.

Google offers this Gmail Recovery Tool that may undelete messages from the last 30 days.

Yahoo Mail users may Send a Restore Request to get back messages deleted in the last 7 days.

Microsoft offers these steps for people with Outlook.com, Hotmail.com and Live.com email addresses.

I can’t tell if AOL offers any such recovery service, but they do detail how to recover deleted Contacts. It is possible that AOL could help with email loss, if you upgrade to their paid service, but you might want to call them at 1-866-265-8990 to see if it’s worth paying up ($5/mo.).

AT&T can recover their emails that have been deleted within 7 days, if you submit a restore request.

Comcast/Xfinity customers should reach out to their tech support, and ask to restore the affected email account to an earlier date. They should be able to “roll back time” to a previous day’s backup of emails. They may not be able to recover your addresses, though.

If your email is with a different provider or host, reach out to their support and explain your situation. Let them know that you’ve already checked your Trash/Deleted Items folders, and that what you want may have been removed from there. Ask if they have any process of recovering your account or restoring it to a previous date. It is fairly certain that they back up their mail servers…. The big question is: Are they nice enough to offer those backups to their customers?

What to Do When Your Email Is Compromised

If your email gets hijacked, you’ll figure it out quickly enough. People will start calling you to ask why you sent those out-of-character messages…

Scammers steal their way into email accounts every day. If your email gets stolen, the first and best thing to do is: Reset your email password.

But that may not be all that’s needed. Changing your password is often not enough.

Once you’ve secured your email and changed that password, you should test your email. Ask a trusted friend to send you a message. Reply to their email and send them back a message. Both of you should look closely to make sure the emails go through and look normal upon receipt.

If any abnormal messages show up, or if any emails vanish and never arrive, then the problem is only half-solved. The scammer may have made other changes to your account, in the hopes that you wouldn’t notice.

To find and reverse these changes, you’ll need to access your email through its Webmail site or through your web browser. You can’t fix these things within mail client programs like Thunderbird or Outlook 2019. These settings might also be hard to find through its app on your mobile devices.

Once logged into your email in a web browser, you’ll want to go into the Account Settings or Mail Settings area, and look for these items:

  • Mail Forwarding: Check to make sure your email is not forwarding to another address. If this feature was enabled, all of your new messages may be sent on silently to the bad guys’ email, and they can attempt new scams based on the messages rerouted from you. Turn it off!
  • Reply To: Settings: Another change the bad guys might make is with the “Reply To:” setting. They can stick another email in there, so that when people reply to your messages, the replies are diverted to the scammers, and not you! This setting should typically be empty or set to your exact email address.
  • Rules: Email invaders may also set up Rules that train your email to auto-delete incoming messages or send auto-replies to anyone trying to contact you. If you are not getting any new messages, they’ve likely put in a Rule to trash everything new that arrives. This makes it so that you don’t get any emails from people offering to help you.

If you have trouble finding these settings, call someone for help. Your ISP might offer some free tech support, or you can consult with your friendly neighborhood computer tech for detailed help.
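For the test exchange with a trusted friend described above, the friend can save the reply they received and check its headers for two of the changes listed: a “Reply To:” that points somewhere else, and an automatic reply generated by a Rule. This is an added example, not part of the original post; the addresses are constructed, and the Auto-Submitted header is the standard marker defined in RFC 3834, which not every mail system sets.

```python
from email import message_from_string
from email.utils import getaddresses


def check_test_reply(raw, account):
    """Inspect a reply that should have come from `account`.

    Returns a list of (kind, detail) findings; an empty list means the
    headers look normal.
    """
    msg = message_from_string(raw)
    account = account.lower()
    findings = []

    # The reply should come from the account that was just recovered.
    senders = [a.lower() for _, a in getaddresses(msg.get_all("From", [])) if a]
    if account not in senders:
        findings.append(("from", ", ".join(senders) or "(missing)"))

    # Reply-To should be absent or identical to the account's own address.
    for _, addr in getaddresses(msg.get_all("Reply-To", [])):
        if addr and addr.lower() != account:
            findings.append(("reply-to", addr.lower()))

    # A hand-typed reply has no Auto-Submitted header, or the value "no".
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        findings.append(("auto-reply", auto))
    return findings


# Constructed samples using reserved example domains.
CLEAN_REPLY = """\
From: Pat <user@example.net>
To: friend@example.com
Subject: Re: test

Got it, thanks!
"""

TAMPERED_REPLY = """\
From: Pat <user@example.net>
Reply-To: Pat <collector@example.org>
Auto-Submitted: auto-replied
To: friend@example.com
Subject: Re: test

I am traveling, please write to my other address.
"""

if __name__ == "__main__":
    print(check_test_reply(CLEAN_REPLY, "user@example.net"))
    print(check_test_reply(TAMPERED_REPLY, "user@example.net"))
```

Mail forwarding leaves no trace in these headers, so it still has to be checked in the Webmail settings as described above.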

Why Would Anyone Want to Hack Me?

I get this question all the time. Someone surveys themselves and sees nothing “worth hacking”. Because they just send a few innocuous emails a week, they do a little Facebooking with family, they play some solitaire. What could be worth a hacker’s time with their modest computer usage?

What makes them (or you) worth hacking is Legitimacy. If a hacker can get into your email or Facebook account, that is what they are stealing: your legitimacy. The hacker has no real identity to you or those you know, and has little power to steal into your lives and grab anything of value. But if they can get into your accounts, all of that changes.

Let’s say a scammer gets into your Gmail account. Once inside, he will probably change the password and recovery methods, so you are locked out and he can get comfy. He can now enjoy “being you” through your Gmail account. Since people trust messages coming from your Gmail, he has stolen a legitimate piece of your identity and can now:

  • Send scammy emails to everyone in your Contacts list, while bypassing all spam-filters.
  • Attempt password resets on your social media accounts, so that they can try scamming there.
  • Use your email address to logon to websites where the scammer has previously been blocked or banned.
  • Rifle through your Sent Mail to see where you shop, then attempt password resets at those sites, for some quick holiday shopping.

This kind of identity theft happens every day and can really catch you off-guard, if you don’t think ahead and take it seriously. Your email and other online accounts are valuable, to the right crook. Please make sure to use strong passwords, so that crooks can’t easily guess them. And think twice before giving passwords out to anyone asking for them.

Gift Card Scams

If a stranger asks you to pay using a Gift Card, I need your next thought to be SCAM! Program yourself to mistrust anyone asking you to go buy a gift card. Gift cards are just like cash and should only be used as gifts, with people you know, love and trust.

  • If someone on the phone says they’ll fix your computer and you can pay them using a Walmart Gift Card, s/he is a scammer.
  • If someone on Facebook asks you to buy them Google Play Gift Cards so you can participate in a Bitcoin-Generating investment operation, that is also a scam.
  • If the IRS contacts you regarding tax arrears, and says you can avoid jailtime by buying them several Amazon Gift Cards, the whole thing is one big lie and scam!

And so on. Gift cards are sought after by scammers because the funds on those are largely untraceable and unrecoverable. Those guys know that scammy credit card charges can be disputed and removed, fairly quickly. But if they can get the number from a gift card, they will instantly syphon off that money, with no chance of reversal.

So please: Let the mere mention of a gift card be a red flag to you that you have encountered a scam. Legitimate companies will never run you to the store to buy such things. If you encounter a gift card scam, disconnect the call or delete the messages and move on!


© 2022 BlueScreen Computer
