Category: Email (Page 2 of 3)

Shentel Email Best Security Practices

Many of my clientele are in the Shenandoah Valley of Virginia, the home territory of an ISP named Shentel. And like many ISPs, Shentel provides free, courtesy email addresses to its subscribers. It’s like a mint on your pillow, except this mint needs some extra warnings on its wrapper and may give you some indigestion…

I can level a variety of criticisms against any ISP-provided email another time. For this post, I need to write on how Shentel customers can keep their email more secure. There are frequent scams targeting Shentel email addresses, and I want to help as many people as I can to tighten their defenses.

If you don’t have a Shentel email address, this post will not directly apply to you, but the overall security recommendations do. So please consider these points, and implement anything you are comfortable with!

Password Strength

I’ve helped with Shentel email users for almost 20 years now, and from the beginning, I’ve noticed Shentel doling out really weak passwords to their email addresses. In 2002, it was common for a brand-new Shentel email address to come with a 6-digit password. It was typically 3 letters (part of the person’s name), and 3 numbers (often the phone exchange of the user). To this day, I still encounter Shentel email addresses with these old, short passwords, like “abc465” and “joe933”.

If your email password is this short and simple, please change it now. Email thieves can determine such short passwords quickly, without hacking you or tricking you. There are password-guessing programs readily available on the dark web that anyone buy and use for this. And once they guess your password, they can use your email to start scamming your friends and family, or worse.

Changing your Shentel email password is easy, especially if you know your current password.

  • Go to the Shentel Webmail website and login with your email credentials.
  • Click the cogwheel icon to the upper-right.
  • When the Settings screen appears, click Password.
  • Type in your old password and then enter a new password on the next two fields.
  • Click Save and you are done!

Try to choose a password that is 8 or more characters long, and use a capital letter, a number and a special symbol. An example of a strong password is: Maverick20#21 .

If you do not remember your Shentel password, call Shentel at 1-800-SHENTEL and ask their tech support to change your password over the phone.

Recovery Options

If your password is strong enough, you should still visit Shentel’s Webmail website. Shentel is starting to implement Password Recovery Options for its email users, but you won’t see these if you use Outlook, Thunderbird or a Mail app to see your messages. You must go to their Webmail site!

When you visit that site nowadays, you will be prompted to set a recovery email and recovery phone number. Fill out and satisfy these items as best you can, and call Shentel for assistance if there’s any difficulty. These are important to do! If some bad actor invades your email next month, these will help you more quickly to regain control of your account.

Request 2FA to Be Implemented

The best security tool to prevent email abuse is 2FA. This stands for two-factor authentication, and adds an extra layer to the login process for an account. When you use 2FA, you first login using your password, and next have to enter a token or code sent to your mobile number or other security device. If someone steals your email password, the second step will block them from accessing your account.

Shentel does not offer 2FA on their email accounts and has a hard time answering my most basic questions about it. But many other email providers do offer 2FA. If you are going to stick with your Shentel email address, you might reach out to Shentel to ask them to consider adding this security feature. It would greatly reduce the number of hacked Shentel email accounts!

When In Doubt, Pick Up the Phone

If you receive an email, and something doesn’t seem right, take your hand off the mouse. Take a moment to think about what isn’t sitting right with you, and contact someone without using that email in front of you.

That means: if you want to contact Shentel, dial 1-800-SHENTEL or any support number that is printed on their bills. Do not use any number in the fishy email! Contact info showing in a suspicious email will often put you in touch with criminals. And those guys will be all too happy to pretend that they are with whatever company you say you’re trying to reach.

If you can’t reach the company for advice, call someone else. Talk to a trusted friend, police officer, church pastor or relative. Or drop me a line for a second opinion, I am happy to sound off on all things, legitimate and scammy! You’re even welcome to forward odd emails to me, and I will quickly write you back with my verdict of them.

Periods & Plus Signs in Gmail Addresses

periods & plus signs in gmail addresses

An email address are generally case-insensitive, that is, it doesn’t matter if you use capital letters or lower-case. But Google has a few more tricks up its Gmail sleeve. Let me describe how you might use extra periods and plus signs in Gmail addresses:

Periods: In any Gmail address, periods are ignored before the @ symbol. So feel free to add periods anywhere in the username portion, if it makes your email address easier to read or understand.

As far as Google is concerned, joedfragmented@gmail.com is the same as joe.d.fragmented@gmail.com is the same as Joe.D.Frag.Mented@gmail.com . But one may look better than another on a resume, while another may be easier to relay over the phone, so choose appropriately!

Plus Signs: Plus Signs are also ignored in any Gmail address, along with anything that comes after the plus sign, up to the @ symbol. That means you can customize your email address with any words you like.

Betsy.NoSpam@gmail.com might be your address, but feel free to use:

  • Betsy.NoSpam+fundraiser@gmail.com
  • Betsy.NoSpam+whitehouse@gmail.com
  • Betsy.NoSpam+amazon@gmail.com

Messages sent to those extra addresses will still get through to you at your normal address. But the Plus Sign info will still be visible to you on the mail you receive. You can use this tool to know when someone is sharing or selling your info. And you can also use this in writing email rules!

Let’s say you give out Betsy.NoSpam+lottery@gmail.com for a contest. And after you didn’t win anything, you noticed a lot of spam coming in, sent to that +lottery-address. In Gmail (or your mail client), you could then write a Rule or Filter to auto-delete everything sent to that particular address.

Shentel Email Scam for April 2021

Shentel Email users, beware the latest email scam coming to your inboxes!:

Phishing Email that shows the Shentel name

This message is not from Shentel! If you look closely, you’ll see it came from an odd address ending in “buckeye-express.com”. DO NOT CLICK the Update button, as it will take you to a deceptive website.

I’ll show that website here, without putting you at any risk:

Phishing Website that uses the Shentel name and logo

At a quick glance, this site looks legit, because they’ve stolen the Shentel logo, as well as the new Shentel Webmail icon. And the URL (web address) even has “Shentel” in it. It all feels very familiar…. But a Weebly.com address is something anyone can create, so this website was created by a bad actor. A true Shentel website would end in “shentel.net” or “shentel.com”.

If you received this message and went to this website, I hope that you didn’t fill out the fields. Anyone who types in an email and password on that site is actually delivering their logon credentials directly to some scammers. They will immediately log into your Shentel email at their true webmail site, and start abusing your address. I don’t yet know what these guys are up to, but email phishers often start emailing everyone in your address book with other ploys and lies.

If your email has been compromised, call Shentel immediately at 1-800-SHENTEL, and ask their tech support to change your password and inspect your account for other nefarious changes. And if you need any extra help, consider BlueScreen Computer as your backup option!

Hide Google Meet in Gmail

Google really wants everyone to try out Google Meet. So they built it into their Gmail page design, some months ago. Google Meet probably roosts in the lower-left corner when you visit Gmail.com on your computer.

But not everyone uses Google Meet. And some people want that valuable screen real estate back, for their email folder list! So here’s how to remove Meet from Gmail:

  • Open your computer’s web browser and go to Gmail.com.
  • Click the Settings cogwheel icon to the upper-right, and then click See All Settings.
  • Look across the sections headings, and click Chat and Meet.
  • Click the bubble next to “Hide the Meet section…”. (And if you don’t use Hangouts, you can turn that off here, as well!)
  • Click the Save Changes button, and then reload your Gmail page.

If you make use of this tip, you can still use Google Meet. Simply go to the Google Meet website, or reverse these steps to bring back Meet to your Gmail page.

Recovering Permanently Deleted Emails

It is common for a scammer to delete things after they compromise someone’s email account. After recovering a stolen email account, you may notice that your Inbox is empty, or your address book has nothing in it. Checking the Trash folder, you’ll probably find nothing there, as well. They’ve covered their tracks, adding more insult to injury.

But in some cases, there is a chance to recover what’s been deleted, even though the Trash folder has been emptied. Each email provider has different avenues for you to try to “roll back time” or resurrect your lost items. In all cases, time is of the essence, so take immediate action for the best chance at recovery.

Google offers this Gmail Recovery Tool that may undelete messages from the last 30 days.

Yahoo Mail users may Send a Restore Request to get back messages deleted in the last 7 days.

Microsoft offers these steps for people with Outlook.com, Hotmail.com and Live.com email addresses.

I can’t tell if AOL offers any such recovery service, but they do detail how to recover deleted Contacts. It is possible that AOL could help with email loss, if you upgrade to their paid service, but you might want to call them at 1-866-265-8990 to see if it’s worth paying up ($5/mo.).

AT&T can recover their emails that have been deleted within 7 days, if you submit a restore request.

Comcast/Xfinity customers should reach out to their tech support, and ask to restore the affected email account to an earlier date. They should be able to “roll back time” to a previous day’s backup of emails. They may not be able to recover your addresses, though.

If your email is with a different provider or host, reach out to their support and explain your situation. Let them know that you’ve already checked your Trash/Deleted Items folders, and that what you want may have been removed from there. Ask if they have any process of recovering your account or restoring it to a previous date. It is fairly certain that they back up their mail servers…. The big question is: Are they nice enough to offer those backups to their customers?

What to Do When Your Email Is Compromised

If your email gets hijacked, you’ll figure it out quickly enough. People will start calling you to ask why you sent those out-of-character messages…

Scammers steal their way into email accounts every day. If your email gets stolen, the first and best thing to do is: Reset your email password.

But that may not be all that’s needed. Changing your password is often not enough.

Once you’ve secured your email and changed that password, you should test your email. Ask a trusted friend to send you a message. Reply to their email and send them back a message. Both of you should look closely to make sure the emails go through and look normal upon receipt.

If any abnormal messages show up, or if any emails vanish and never arrive, then the problem is only half-solved. The scammer may have made other changes to your account, in the hopes that you wouldn’t notice.

To find and reverse these changes, you’ll need to access your email through its Webmail site or through your web browser. You can’t fix these things within mail client programs like Thunderbird or Outlook 2019. These settings might also be hard to find through its app on your mobile devices.

Once logged into your email in a web browser, you’ll want to go into the Account Settings or Mail Settings area, and look for these items:

  • Mail Forwarding: Check to make sure your email is not forwarding to another address. If this feature was enabled, all of your new messages may be sent on silently to the bad guys’ email, and they can attempt new scams based on the messages rerouted from you. Turn it off!
  • Reply To: Settings: Another change the bad guys might make is with the “Reply To:” setting. They can stick another email in there, so that when people reply to your messages, the replies are diverted to the scammers, and not you! This setting should typically be empty or set to your exact email address.
  • Rules: Email invaders may also set up Rules that train your email to auto-delete incoming messages or send auto-replies to anyone trying to contact you. If you are not getting any new messages, they’ve likely put in a Rule to trash everything new that arrives. This makes it so that you don’t get any emails from people offering to help you.

If you have trouble finding these settings, call someone for help. Your ISP might offer some free tech support, or you can consult with your friendly neighborhood computer tech for detailed help.

Why Would Anyone Want to Hack Me?

I get this question all the time. Someone surveys themselves and sees nothing “worth hacking”. Because they just send a few innocuous emails a week, they do a little Facebooking with family, they play some solitaire. What could be worth a hacker’s time with their modest computer usage?

What makes them (or you) worth hacking is Legitimacy. If a hacker can get into your email or Facebook account, that is what they are stealing: your legitimacy. The hacker has no real identity to you or those you know, and has little power to steal into your lives and grab anything of value. But if they can get into your accounts, all of that changes.

Let’s say a scammer gets into your Gmail account. Once inside, he will probably change the password and recovery methods, so you are locked out and he can get comfy. He can now enjoy “being you” through your Gmail account. Since people trust messages coming from your Gmail, he has stolen a legitimate piece of your identity and can now:

  • Send scammy emails to everyone in your Contacts list, while bypassing all spam-filters.
  • Attempt password resets on your social media accounts, so that they can try scamming there.
  • Use your email address to logon to websites where the scammer has previously been blocked or banned.
  • Rifle through your Sent Mail to see where you shop, then attempt password resets at those sites, for some quick holiday shopping.

This kind of identity theft happens everyday and can really catch you off-guard, if you don’t think ahead and take it seriously. Your email and other online accounts are valuable, to the right crook. Please make sure to use strong passwords, so that crooks can’t easily guess them. And think twice before giving passwords out to anyone asking for them.

Windows Live Mail Keeps Breaking

I’m sorry to say it, but it is time that we move past using Windows Live Mail. Many of you still use it and love it, as your primary email client. But despite how awesome this program has always been, it is no longer reliable. Microsoft sunsetted this program back in 2012, but users were allowed to keep using it. Now in 2020, it is becoming clear: every time Windows 10 receives a biannual update, Windows Live Mail may stop working.

When Microsoft breaks WLM, you’ll know it because it will

  1. Not allow you to view your individual messages
  2. Not allow you to send/receive messages
  3. Claim you are low on memory or disk space

This breakage can be fixed, but I’m now seeing that the fix is short-lived. Because a repair on Windows Live mail may only last you 6 months, give or take, I must now a) recommend you move away from using Windows Live Mail and b) describe the fixes. I don’t want to “make work” for myself, and doing anything else would be unconscionable.

Since the fixes are more than many people can undertake, again, I encourage you to get ready to move to different email access. Instead of using Windows Live Mail, you could move to Mozilla Thunderbird or Windows Mail. But in many cases, switching to the Webmail site for your email is the best and most direct option. Please consider that option first!

The rest of this post describes the fixes for when WLM misbehaves. Please do NOT attempt these steps if you are uncomfortable or unfamiliar with the advanced techniques therein. BlueScreen Computer cannot accept any responsibility for any damages/data loss that occur from attempting the following repair tactics.

WLM Repair Option #1

Remove your Email Account and re-add it.

For this method, you will need to know your mail server names and other account settings. Comb through your email account screens and take notes before you proceed, or call your ISP or email provider afterwards for info and help.

Also note that this is intended for IMAP account setups. If you have previously setup your email in WLM as a POP account, you may irrevocably lose emails or folders in this process.

Open WLM and dismiss any error pop-ups.

Go to File -> Options -> Email Accounts.

Select your email account and click the Remove button.

Once your email address is gone from this window, use the Add… button to set it up again.

WLM Repair Option #2

Delete the App Data for WLM

As in Option #1, you will need to re-add your email account after these steps. Take note of your account settings in advance, or be prepared to call someone for help with the settings. And if your email account was set up as a POP, this may cause the loss of your current emails and folders..

Press the Windows Key and the ‘R’ key to open a Run window.

Type %localappdata% and click OK.

Enter the Microsoft folder, then enter the Windows Live Mail folder.

Delete all files and folders inside.

Reboot, reopen WLM and go to File -> Options -> Email Accounts to re-add your email account.

WLM Repair Option #3

Use a Windows Registry Reset

This option involves editing the registry, and you almost never see me recommending this to anyone. A mistake in the Windows Registry can harm your entire computer, and no one wants that. Do not attempt this unless you are uber-confident with your computer skills.

Press the Windows Key and the ‘R’ key to open a Run window.

Type regedit and click OK.

Drill down to Computer \ HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows Live Mail

Right-click on the Windows Live Mail folder and (one at a time), create the following DWORD entries:

RecreateFolderIndex
RecreateStreamIndex
RecreateUIDLIndex

As you create each new entry, open it and change its Value Data to 1.

If for any reasons these values are already present, do not recreate them, but open each and change the Value Data to 1.

Reboot and reopen WLM.

Informed Delivery by USPS

The 2001 Anthrax Attacks led the USPS to begin scanning and tracking our postal mail. All USPS mail is photographed and/or scanned as it passes through sorting machines and sent on its way. This mass surveillance program is called Mail Isolation Control and Tracking, or MICT for short.

Eventually (in 2017), the USPS decided to share this bevy of information with its customers, in the form of a program called Informed Delivery. If you sign up for Informed Delivery, you can get a preview of your mail that will arrive later that day. This service is free to all eligible addresses, and you can sign up at this site. Typically, you will receive an email each morning, showing an image of all mail arriving that day, but they also appear to offer a text notification option, too!

I can see so many uses for this tool. If you have a problem with missing mail, it might give extra information about where it is getting lost. If you aren’t at your residence every day, it can give you a heads-up when something important has arrived. It might also help you intercept a birthday present that’s arriving for your spouse. And so on.

It even works for some PO Boxes, but you must try to sign up at their website to find out if your address is currently eligible.

Email Safety Tips

Right now, government agencies are warning about a significant ransomware attack being directed at US Hospitals. And I hear that the ADA is reaching out to dental offices, telling them to be alert and to make sure their data is backed up. As the current threat expands, any healthcare-related office needs to be on guard, as do you. Ransomware or viruses usually ignore geographic and other man-made boundaries. The next computer hazard could arrive in your inbox at any time.

But please don’t get too anxious, because your antivirus and other software security is going to help keep the threat at bay. What you should consider is: The bad guys know you’re already well-protected, so they will use mind games to get you to defeat your own security. Here are some basic tips to keep you safe and help you not get tricked into a computer infection:

  • Don’t open attachments or click links that you weren’t expecting, or are from unknown people. Especially keep this in mind for when you receive a scary or alarming email! Ransomware is often contained in messages that claim you have an overdue account or large bill attached. By sending you unpleasant news, they hope to distract you and compromise your judgment for just long enough for you to open that viral attachment.
  • If your gut is telling you something, LISTEN TO IT. Did you just get a message from your CEO that seemed a little off? Is your friend emailing you for something that isn’t in character? Don’t second-guess yourself, don’t struggle to get in their head. Step away from the computer and pick up the phone. Get confirmation through other means before you trust that email on your screen.
  • Believe in your antivirus and other protections. Don’t be tricked into disabling any protections. I just received an Excel attachment and Microsoft Office opened it in “Protected View”, since it was obviously from somewhere foreign. But the file itself directed me to disable that Protected View feature and try again. If I had followed those steps, I would have infected my computer.
  • Badly grammar and mispellings used to be the hallmark of malicious emails, but not anymore. But there are other clues you can look out for. If you can spot the sender’s email address, be critical of the spelling and exact domain name. If you see an obvious mismatch between the email address and sender name, then trash that email immediately. Examples: Fred Rogers, Microsoft Support with the address of totalvirusdefense@microsofttechgods.ru or Beatrice Snodgrass from Amazon Refund Agency with the address beatsnod@yahoo.au .
  • Don’t reply to emails that seem suspicious. Don’t call any phone number listed in an email that urgently calls you to action. You must not trust the contact info presented in the email! When verifying any email, use contact information from some source other than the email itself. For example, if you get a weird message from your boss, Forward the message to his email address from your address book, and maybe Cc: his boss. Or if you get an alert from your bank, grab your last paper statement or bank card, and call the phone number printed there.

Be safe out there, folks!

« Older posts Newer posts »

© 2024 BlueScreen Computer

Theme by Anders NorenUp ↑