Category: Communications (Page 2 of 5)

Shentel/Mail2World’s 2023 Email Outage

Can you believe it’s been a whole year since the worldwide Mail2World 2022 email outage? Also: Can you believe it’s only been a year and Mail2World has brought us another email outage?

OK, so far, it looks like it’s only affecting Shentel email. I am checking in with other Mail2World clients, and they report no issues at this time. But if you use Shentel email, you may not be able to access your messages, nor will you be able to send or receive anything.

This outage seems to extend to Shentel Webmail, mail clients, and the mobile app. Wherever you go, Shentel email is kicking up some scary security warnings:

If you’re suffering from these errors, there little that you or I can do. It’s on Mail2World to fix this. They may have forgotten to renew a security certificate on the server that makes your email work. For now, I see your options as:

  1. Call Shentel at 1-800-SHENTEL and inquire politely for an ETR.
  2. Sit tight and check your email occasionally.

I will update this page if I encounter new information!

UPDATE@9:30PM: Shentel Webmail is starting to open up again for people. M2W may have bought a quick 1-month security certificate to tide things over.

If you’re still getting errors from your email client (Mail, Outlook, Thunderbird), reboot your computer and see if things start working again!

UPDATE@7:30AM, 2/10/2023: Looks like everything is back to normal and functional again. But now we get to wait a month and see if this recurs on 3/13/2023. Mail2World, we’ll be watching you.

Smishing

An Etymology & History Lesson

Hacking is nothing new. In the 1970’s, we had hackers that were experts at gaming and abusing our telephone systems. They were able to avoid long-distance charges when placing calls, and those free calls may had led to them being called freaks. But soon after, those phone freaks were simply termed phreaks.

In the 90’s, cybercrime developed and spread via email. We needed a new term for all those deceptive, fraudulent messages going around. Borrowing from the cool jargon 20 years prior, we turned fishing into phishing and used that to refer to those emails that tried to get their hooks into people for their passwords and account numbers.

To this day, phishing remains a major vector for fraud and e-trickery. And phishing continues to evolve and adapt to how we communicate. The Simple Message System (SMS) caught on in the 2000’s and its text messages are now used for so much of our daily activities. And as SMS messages proved to be a viable medium for phishing attempts, a new portmanteau was born: smishing.

Only One Real Defense Against Smishing

Today’s smishes generally try to trick you into one of two things: 1) click on a bogus URL, so that you visit a deceptive site, or 2) call a phone number to connect you with a scammer. Each scam is a little bit different from the next, but in general, once you go down one of those two roads, your computer, finances, passwords and sanity are all at risk.

Your cellular provider blocks a lot of smish attacks, but there’s bound to be something that get through. Smish happens. Your best defense is education. Look at some examples of smishing messages and get familiar with them. And later, when some smish shows up at your door, you’ll just roll your eyes and move on.

Examples

Some smishing wants convince you of a purchase that you didn’t authorize. It could be for a laptop, or some antivirus or a Peloton Bike. It doesn’t matter what it is, what’s important is: the message is 100% fiction. There is no charge. There is no high-dollar item. Notice that the text message doesn’t even say which card has been charged! The bogus phone number doesn’t go to a bank; it goes right to a scammer’s cubicle.

Fake Purchase Smish

Another smish to consider is the Delivery Smish. This one lies about an imaginary package that couldn’t make it to your door. If you click the link, it will lead to a phishing website, where you will be asked for credit card information to cover a postage fee to get your package. But again, there is no package, but they will quickly run some real charges on your bank card, if they get that number from you!

Delivery Smish

You are almost never going to win anything through a text message. But below, you’ll see a smishing message that wants you to believe. Please don’t.

Lottery Smish

Ever get this text about a pending criminal charge or tax return problem? The police or FBI is not coming to arrest you. Or rather, if they are, they certainly aren’t going to text you in advance.

Going to Jail Smish

There are so many more examples I can give, such as Password Reset Smishing and Message from your CEO smishing. A couple of months ago, I blogged about the EBT Scam. Next year, I’ll have to blog about a new smish. Feel free to Google for “smishing examples” if you need more food for thought.

Common Traits to Watch Out For

  • The phone numbers in these bogus texts often give it away. The smish may arrive from an area code you’ve never dealt with before. Or the stated number may have odd punctuation. Plus, if you want, you can copy down the number and Google it. A lot of these scammers’ numbers will turn up in a search, on scam-watch websites.
  • The details are usually vague. There’s a pending charge, but it doesn’t say with which bank. You’ve won a prize, but from which company? Your plane tickets were cancelled, but the airline name is not mentioned. A legitimate notification would be crystal clear about important details.
  • The URLs are questionable, but sometimes you have to look closely. It’s a pretty obvious trap if the weblink contains wording like “curesickness.com.” But other URLs are written to look similar to trusted domains. They may only be one letter off, but if they’re trying to get you to tap on “www.disneyy.com”, think twice and back away.

How To Respond

First of all, don’t ever respond to a phishing text. Communicating in any way with a scammer is bound to get you more spam, phishing, smishing and other annoyances coming your way.

Treat smishing as you would any other spam: Report it, block it, delete it.

If you have a severe problem with too much SMS spam, contact your cell provider. They may offer extra spam-blocking options to curb the junk.

And if you’re just not sure, if you got a text and you worry that it might be legitimate… Close the text message and seek verification elsewhere. Call your bank from the number on your statement. Go to the Amazon website and chat with their support. Find real help somewhere else and they will corroborate the facts or dispel the myth.

The Text-Based EBT Scam

For anyone involved in SNAP or receiving EBT funds, please be aware of the following scam:

This is a text message that did NOT come from the government or any legitimate entity. It is the beginning of a scheme to steal your EBT funds.

If you receive this text, do NOT call the number. Do NOT respond to the text. Simply ignore, delete or block this message.

If someone calls the number in the text, a scammer will answer and pretend to be with the government. They will try to learn the caller’s EBT account info and PIN. Once they have those numbers, the crook will drain the funds from the person’s EBT account.

The legitimate people in charge of SNAP and EBT will never text you. If you need to contact them, find their official phone number on this list and call them. And if you have fallen victim to this scam, please call your state’s EBT Client ASAP to see if anything can be done.

Spam Text Messages

Here are options for dealing with spam received via text message:

Forward the Message to SPAM

When you get a spam text, forward it to 7726 (SPAM). This helps your carrier know about what spam is spreading where, and they’ll study the trends to prevent more spam from reaching you.

To forward a message on Apple devices, consider the section at this page titled “Forward older text messages.”

For Android devices, try these steps to forward a message any spam text to 7726.

Block the Sender

Most phones allow you to block a specific number from sending you texts. So when that annoying spam message arrives, block the sender’s number.

Here are the steps to block a text sender on iOS. On Android, try these steps or maybe these will help.

Note: If a spammer is spoofing your number, so that the text looks like it is coming from you, don’t block it. Just forward it to SPAM as described above, and contact your provider if it keeps happening.

Contact Your Provider

Each cellular provider offers different free tools for blocking unwanted calls and texts. If you are receiving a high level of spam messages, reach out to them. Ask them to review your account and phone settings, to be sure that all possible features are enabled, to block the maximum amount.

Report Spam to the Government

You are welcome to report unwanted communication (calls OR texts) to the FCC and the FTC. The DoNotCall Registry also wants your reports of spam.


Caveats

When acting on a spam text (to block it), take care to not tap on any attached files or links.

Do not reply to any spam text with any complaints or commentary. Do not try to unsubscribe, as this may create more spam for you!

5G Is Not the Same as 5G

Tech jargon is confusing enough as it is. But then some geniuses had to go and name two completely different technologies the same thing. Not helpful….

I’m referring to the label “5G”, which can be used regarding your home Wi-Fi or with cellphones. I continue to find that people conflate the two technologies when they have absolutely nothing to do with each other! So I’m going to try and clear this up:

5G Stands for Fifth Generation

When talking about telecommunications, 5G refers to the latest technology that makes your cellphones work. Right now, the fifth generation (5G) of technology is being rolled out in our country. The fourth generation (4G) is the existing cellular communications technology used in much of the country, and 3G & 2G technology is on its way out. The old 3rd gen and 2nd gen antennae and other hardware is being decommissioned and dismantled to make way for the new hotness that is 5G.

5G Stands for 5 Gigahertz (GHz)

By now, most households have Wi-Fi to spread your internet connection around to laptops, tablets and smartphones. And many of you may notice that your Wi-Fi router offers two network names, one that may end in “-5G”. This is merely to distinguish the two bands of frequency emanating from your device. Those two bands are 2.4Ghz and 5Ghz, the latter can be referred to as the “5G band.” If you want to read more on Wi-Fi frequency bands, this site has you covered.

Voice-to-Text Typing

Speak to your computer and have it type what you’re saying! Windows and MacOS have voice-to-text typing tools built-in and you just have to launch them for your speech to flow into whatever document you’re creating.

Windows Users would press Win + H to open the dictation tool.

Apple users can press the Fn button twice to launch their dictation tool.

Once started, you can have this tool enter your spoken words anywhere you see the input cursor flashing. Feel free to dictate into a Word doc or email or status field on Facebook. After you’re done dictating, feel free to go back and edit for punctuation by hand.

And if you ever have any trouble with these built-in tools, there are websites that offer similar tools. This Voice Notepad website is handy, because you can switch between dictation and typing more gracefully. When you’re done, simply copy the text and paste it elsewhere.

Mail2World’s 2022 Email Outage

On Wednesday, 1/12/2022, an email provider named Mail2World disappeared from the internet. They’re a modest company based in California that provides email for millions of people worldwide. They handle the email service for many different ISPs (including Shentel, Buckeye Broadband, and SRT), as well as for individuals and small businesses. Information on this outage was challenging to come by, so I’m going to chronicle what I saw and learned during this event, below.

Day One (January 12)

Around 7AM EST, all email service with Mail2World stopped. For the entire day, no answers were forthcoming. People calling their ISPs got only vague explanations: “Email is completely down, we have no ETR.”

Those that contacted Mail2World directly received an unprofessional response. I had hoped they would issue a press release or a Pinned Post on Facebook. But, ironically commenting on an older Facebook Post about “improving your chances of getting your email read,” Mail2World shared only a few vague tidbits. It was nothing informative (“Please be advised that we’re fully and diligently working on the current email service outage.”) and only aggravated their clients further.

Day Two (January 13)

With email still down, Mail2World told some ISPs to expect a 3PM EST recovery time. But that deadline came and went, and everyone had to face the fact that nothing would be restored this day.

A sharp-eyed Facebook commenter pointed out a breaking news story (alternate link) about a ransomware attack and suggested it might be relevant. I called the ISP mentioned in the story and got confirmation: Mail2World is their email provider, and a ransomware attack had brought down all of Mail2World.

Day Three (January 14)

The outage continued, but repair progress could be detected. Using DNS detection websites, people could see that Mail2World DNS entries were coming back online, across the globe. M2W had been completely absent from the world’s DNS servers for the first two days of this outage!

Repeatedly contacting Mail2World, I could only get the briefest assurance from M2W that no one data was compromised or stolen. And as more news reports about the ransomware attack emerged, that seemed to confirm that user data was safe through this debacle. Other ISPs started to report more details, as well.

After much teeth-grinding, Mail2World posted an non-update on their Facebook Page. Huzzah! And their sales website came back online, more progress!

Day Four (January 15)

Early in the morning, Shentel reported email service may be restored in the next 24 hours. By some estimates, that would be extremely quick and efficient, but not unheard of.

By mid-day, a rare few M2W email accounts were able to send out messages, although they arrived with security warnings and other malformations. Still, it showed further progress!

As Day Four drew to close, a few users reported in about email arriving to their Mail2World accounts. We couldn’t declare a complete recovery yet, but some people were able to send off a few messages, and verify that their old emails were once again available.

Day Five (January 16)

I woke to reports of Shentel (Virginia) email users happy with their restored accounts. Reports from other states (Indiana, South Dakota, Ohio) were varied, but most showed some signs of functionality. Other countries (Sweden, Australia, Mexico) also reported in about recovery, again varied, with some at full email ability, while others still hampered or limited.

This outage was mentioned over at Slashdot, but still hadn’t garnered any national or large-scale news coverage.

For my part, I recommended to anyone with fully-restored ISP email, to call into to their internet providers for a refund or credit. Since Mail2World would surely pay a penalty to their ISP clients for the outage, I reasoned that that money should be passed along to the ISP customers themselves. And my experience with many ISPs is that: If you don’t ask, you don’t get!

Day Six (January 17)

Today I found that most people worldwide have their basic M2W email service back. But there are some outliers that are still waiting, in Sweden or Mexico. These folks tend to be individuals that have enrolled in free email service directly with Mail2World. I can only guess that they are low-priority, and may have a much longer repair time than the blocks of email addresses repaired for the large ISP customers.

If you’re still waiting for an M2W repair, I can only tell you to hang in there, keep waiting and reach out to Mail2World repeatedly as time goes on. You can call them at +1 (310) 209-0060, visit their website, check them on Facebook, or find their Twitter feed. Good luck!

Epilogue (March 9)

Most everyone I know has moved on from this issue. But I am still disappointed. There are many questions left unanswered: What ransomware or criminal group caused this? Was the attack successful because of employee error or a zero-day exploit? Was the ransom paid or not?

For my part, I’ve pinged M2W for 2 months, through FB/Twitter/email/LinkedIn, asking for more info. And today, I got a phone call from one of their agents. He explained that the matter has been investigated, mitigated, resolved and put to bed. All informative reports have been finished and submitted… to the ISPs and involved companies.

He didn’t have any press releases or documentation for me. Or for the masses of email users out there. All of the “post-mortem” reports have been sent to Shentel, Buckeye Broadband and similar companies. And those big ISPs might not share that info with us little people, because, well… lawyers.

But this kind gentleman who called me reiterated: The ransomware attack did not expose anyone’s email info. He briefly mentioned that a 3rd-party vendor made a mistake and left a port open somewhere, and bad actors capitalized on the vulnerability. Now that all the forensics and investigation is through, M2W has improved their security and procedures to prevent this from happening again.

USPS Operation Santa

The USPS needs your help! Their Operation Santa program has gone national this year, and they need generous people to help them answer letters sent to Santa.

This USPS program collects and posts Santa-letters from kiddos all over the USA. When you participate in the program, you can “adopt” a letter, respond to it appropriately and send a gift (as Santa) through regular USPS mail.

If you’re interested in fulfilling a child’s holiday wish, you should check out how it all works, as well as the FAQ, for this program. They’ve got all kinds of instructions and print-outs that make this easy to do.

Shentel Email Best Security Practices

Many of my clientele are in the Shenandoah Valley of Virginia, the home territory of an ISP named Shentel. And like many ISPs, Shentel provides free, courtesy email addresses to its subscribers. It’s like a mint on your pillow, except this mint needs some extra warnings on its wrapper and may give you some indigestion…

I can level a variety of criticisms against any ISP-provided email another time. For this post, I need to write on how Shentel customers can keep their email more secure. There are frequent scams targeting Shentel email addresses, and I want to help as many people as I can to tighten their defenses.

If you don’t have a Shentel email address, this post will not directly apply to you, but the overall security recommendations do. So please consider these points, and implement anything you are comfortable with!

Password Strength

I’ve helped with Shentel email users for almost 20 years now, and from the beginning, I’ve noticed Shentel doling out really weak passwords to their email addresses. In 2002, it was common for a brand-new Shentel email address to come with a 6-digit password. It was typically 3 letters (part of the person’s name), and 3 numbers (often the phone exchange of the user). To this day, I still encounter Shentel email addresses with these old, short passwords, like “abc465” and “joe933”.

If your email password is this short and simple, please change it now. Email thieves can determine such short passwords quickly, without hacking you or tricking you. There are password-guessing programs readily available on the dark web that anyone buy and use for this. And once they guess your password, they can use your email to start scamming your friends and family, or worse.

Changing your Shentel email password is easy, especially if you know your current password.

  • Go to the Shentel Webmail website and login with your email credentials.
  • Click the cogwheel icon to the upper-right.
  • When the Settings screen appears, click Password.
  • Type in your old password and then enter a new password on the next two fields.
  • Click Save and you are done!

Try to choose a password that is 8 or more characters long, and use a capital letter, a number and a special symbol. An example of a strong password is: Maverick20#21 .

If you do not remember your Shentel password, call Shentel at 1-800-SHENTEL and ask their tech support to change your password over the phone.

Recovery Options

If your password is strong enough, you should still visit Shentel’s Webmail website. Shentel is starting to implement Password Recovery Options for its email users, but you won’t see these if you use Outlook, Thunderbird or a Mail app to see your messages. You must go to their Webmail site!

When you visit that site nowadays, you will be prompted to set a recovery email and recovery phone number. Fill out and satisfy these items as best you can, and call Shentel for assistance if there’s any difficulty. These are important to do! If some bad actor invades your email next month, these will help you more quickly to regain control of your account.

Request 2FA to Be Implemented

The best security tool to prevent email abuse is 2FA. This stands for two-factor authentication, and adds an extra layer to the login process for an account. When you use 2FA, you first login using your password, and next have to enter a token or code sent to your mobile number or other security device. If someone steals your email password, the second step will block them from accessing your account.

Shentel does not offer 2FA on their email accounts and has a hard time answering my most basic questions about it. But many other email providers do offer 2FA. If you are going to stick with your Shentel email address, you might reach out to Shentel to ask them to consider adding this security feature. It would greatly reduce the number of hacked Shentel email accounts!

When In Doubt, Pick Up the Phone

If you receive an email, and something doesn’t seem right, take your hand off the mouse. Take a moment to think about what isn’t sitting right with you, and contact someone without using that email in front of you.

That means: if you want to contact Shentel, dial 1-800-SHENTEL or any support number that is printed on their bills. Do not use any number in the fishy email! Contact info showing in a suspicious email will often put you in touch with criminals. And those guys will be all too happy to pretend that they are with whatever company you say you’re trying to reach.

If you can’t reach the company for advice, call someone else. Talk to a trusted friend, police officer, church pastor or relative. Or drop me a line for a second opinion, I am happy to sound off on all things, legitimate and scammy! You’re even welcome to forward odd emails to me, and I will quickly write you back with my verdict of them.

Is Facetime Coming to Windows?

The answer to this is a bit dicey. Or nuanced. But the explanation is worth it for your safety.

The Basics

Facetime is an Apple-owned iOS app that allows you to video chat with people on their iPhones and iPads,. To date, Facetime has only been able to connect you with other iOS devices. That means if you’re on an Android phone or a Windows computer, you can’t use Facetime!

Upcoming Changes

But in the near future, the iOS on modern iPhones and Apple tablets is going to update to version 15. And that update includes a nice change to Facetime: You’ll then be able to send invite links to non-Apple users, and rope them into your Facetime video chats!

There’s nothing to install, when you do this. Non-Apple users will receive a link that opens the Facetime chat in a browser window. It will probably be similar to receiving a Zoom link. PC and Android users will (still) not be able to initiate a Facetime chat, as only iOS users get to do that.

Why Is This Important?

Unfortunately, the nuance of what’s developing is getting lost in the headlines. Many tech articles are already cheerleading with “Facetime Coming to Windows” and that isn’t exactly true. And it is leading people down bad paths.

When some folks see that kind of news, they immediately search the internet for “Facetime for Windows” or similar. And they find free programs or extensions that claim it will install Facetime on your device. And this leads to an infection or adware getting on their machines.

Please do not install anything that says you can put Facetime on your non-Apple device. It is surely false and will only cause you trouble.

« Older posts Newer posts »

© 2023 BlueScreen Computer

Theme by Anders NorenUp ↑