Category: Communications (Page 3 of 5)

Mail2World’s 2022 Email Outage

On Wednesday, 1/12/2022, an email provider named Mail2World disappeared from the internet. They’re a modest company based in California that provides email for millions of people worldwide. They handle the email service for many different ISPs (including Shentel, Buckeye Broadband, and SRT), as well as for individuals and small businesses. Information on this outage was challenging to come by, so I’m going to chronicle what I saw and learned during this event, below.

Day One (January 12)

Around 7AM EST, all email service with Mail2World stopped. For the entire day, no answers were forthcoming. People calling their ISPs got only vague explanations: “Email is completely down, we have no ETR.”

Those that contacted Mail2World directly received an unprofessional response. I had hoped they would issue a press release or a Pinned Post on Facebook. But, ironically commenting on an older Facebook Post about “improving your chances of getting your email read,” Mail2World shared only a few vague tidbits. It was nothing informative (“Please be advised that we’re fully and diligently working on the current email service outage.”) and only aggravated their clients further.

Day Two (January 13)

With email still down, Mail2World told some ISPs to expect a 3PM EST recovery time. But that deadline came and went, and everyone had to face the fact that nothing would be restored this day.

A sharp-eyed Facebook commenter pointed out a breaking news story (alternate link) about a ransomware attack and suggested it might be relevant. I called the ISP mentioned in the story and got confirmation: Mail2World is their email provider, and a ransomware attack had brought down all of Mail2World.

Day Three (January 14)

The outage continued, but repair progress could be detected. Using DNS detection websites, people could see that Mail2World DNS entries were coming back online, across the globe. M2W had been completely absent from the world’s DNS servers for the first two days of this outage!

Repeatedly contacting Mail2World, I could only get the briefest assurance from M2W that no one data was compromised or stolen. And as more news reports about the ransomware attack emerged, that seemed to confirm that user data was safe through this debacle. Other ISPs started to report more details, as well.

After much teeth-grinding, Mail2World posted an non-update on their Facebook Page. Huzzah! And their sales website came back online, more progress!

Day Four (January 15)

Early in the morning, Shentel reported email service may be restored in the next 24 hours. By some estimates, that would be extremely quick and efficient, but not unheard of.

By mid-day, a rare few M2W email accounts were able to send out messages, although they arrived with security warnings and other malformations. Still, it showed further progress!

As Day Four drew to close, a few users reported in about email arriving to their Mail2World accounts. We couldn’t declare a complete recovery yet, but some people were able to send off a few messages, and verify that their old emails were once again available.

Day Five (January 16)

I woke to reports of Shentel (Virginia) email users happy with their restored accounts. Reports from other states (Indiana, South Dakota, Ohio) were varied, but most showed some signs of functionality. Other countries (Sweden, Australia, Mexico) also reported in about recovery, again varied, with some at full email ability, while others still hampered or limited.

This outage was mentioned over at Slashdot, but still hadn’t garnered any national or large-scale news coverage.

For my part, I recommended to anyone with fully-restored ISP email, to call into to their internet providers for a refund or credit. Since Mail2World would surely pay a penalty to their ISP clients for the outage, I reasoned that that money should be passed along to the ISP customers themselves. And my experience with many ISPs is that: If you don’t ask, you don’t get!

Day Six (January 17)

Today I found that most people worldwide have their basic M2W email service back. But there are some outliers that are still waiting, in Sweden or Mexico. These folks tend to be individuals that have enrolled in free email service directly with Mail2World. I can only guess that they are low-priority, and may have a much longer repair time than the blocks of email addresses repaired for the large ISP customers.

If you’re still waiting for an M2W repair, I can only tell you to hang in there, keep waiting and reach out to Mail2World repeatedly as time goes on. You can call them at +1 (310) 209-0060, visit their website, check them on Facebook, or find their Twitter feed. Good luck!

Epilogue (March 9)

Most everyone I know has moved on from this issue. But I am still disappointed. There are many questions left unanswered: What ransomware or criminal group caused this? Was the attack successful because of employee error or a zero-day exploit? Was the ransom paid or not?

For my part, I’ve pinged M2W for 2 months, through FB/Twitter/email/LinkedIn, asking for more info. And today, I got a phone call from one of their agents. He explained that the matter has been investigated, mitigated, resolved and put to bed. All informative reports have been finished and submitted… to the ISPs and involved companies.

He didn’t have any press releases or documentation for me. Or for the masses of email users out there. All of the “post-mortem” reports have been sent to Shentel, Buckeye Broadband and similar companies. And those big ISPs might not share that info with us little people, because, well… lawyers.

But this kind gentleman who called me reiterated: The ransomware attack did not expose anyone’s email info. He briefly mentioned that a 3rd-party vendor made a mistake and left a port open somewhere, and bad actors capitalized on the vulnerability. Now that all the forensics and investigation is through, M2W has improved their security and procedures to prevent this from happening again.

USPS Operation Santa

The USPS needs your help! Their Operation Santa program has gone national this year, and they need generous people to help them answer letters sent to Santa.

This USPS program collects and posts Santa-letters from kiddos all over the USA. When you participate in the program, you can “adopt” a letter, respond to it appropriately and send a gift (as Santa) through regular USPS mail.

If you’re interested in fulfilling a child’s holiday wish, you should check out how it all works, as well as the FAQ, for this program. They’ve got all kinds of instructions and print-outs that make this easy to do.

Shentel Email Best Security Practices

Many of my clientele are in the Shenandoah Valley of Virginia, the home territory of an ISP named Shentel. And like many ISPs, Shentel provides free, courtesy email addresses to its subscribers. It’s like a mint on your pillow, except this mint needs some extra warnings on its wrapper and may give you some indigestion…

I can level a variety of criticisms against any ISP-provided email another time. For this post, I need to write on how Shentel customers can keep their email more secure. There are frequent scams targeting Shentel email addresses, and I want to help as many people as I can to tighten their defenses.

If you don’t have a Shentel email address, this post will not directly apply to you, but the overall security recommendations do. So please consider these points, and implement anything you are comfortable with!

Password Strength

I’ve helped with Shentel email users for almost 20 years now, and from the beginning, I’ve noticed Shentel doling out really weak passwords to their email addresses. In 2002, it was common for a brand-new Shentel email address to come with a 6-digit password. It was typically 3 letters (part of the person’s name), and 3 numbers (often the phone exchange of the user). To this day, I still encounter Shentel email addresses with these old, short passwords, like “abc465” and “joe933”.

If your email password is this short and simple, please change it now. Email thieves can determine such short passwords quickly, without hacking you or tricking you. There are password-guessing programs readily available on the dark web that anyone buy and use for this. And once they guess your password, they can use your email to start scamming your friends and family, or worse.

Changing your Shentel email password is easy, especially if you know your current password.

  • Go to the Shentel Webmail website and login with your email credentials.
  • Click the cogwheel icon to the upper-right.
  • When the Settings screen appears, click Password.
  • Type in your old password and then enter a new password on the next two fields.
  • Click Save and you are done!

Try to choose a password that is 8 or more characters long, and use a capital letter, a number and a special symbol. An example of a strong password is: Maverick20#21 .

If you do not remember your Shentel password, call Shentel at 1-800-SHENTEL and ask their tech support to change your password over the phone.

Recovery Options

If your password is strong enough, you should still visit Shentel’s Webmail website. Shentel is starting to implement Password Recovery Options for its email users, but you won’t see these if you use Outlook, Thunderbird or a Mail app to see your messages. You must go to their Webmail site!

When you visit that site nowadays, you will be prompted to set a recovery email and recovery phone number. Fill out and satisfy these items as best you can, and call Shentel for assistance if there’s any difficulty. These are important to do! If some bad actor invades your email next month, these will help you more quickly to regain control of your account.

Request 2FA to Be Implemented

The best security tool to prevent email abuse is 2FA. This stands for two-factor authentication, and adds an extra layer to the login process for an account. When you use 2FA, you first login using your password, and next have to enter a token or code sent to your mobile number or other security device. If someone steals your email password, the second step will block them from accessing your account.

Shentel does not offer 2FA on their email accounts and has a hard time answering my most basic questions about it. But many other email providers do offer 2FA. If you are going to stick with your Shentel email address, you might reach out to Shentel to ask them to consider adding this security feature. It would greatly reduce the number of hacked Shentel email accounts!

When In Doubt, Pick Up the Phone

If you receive an email, and something doesn’t seem right, take your hand off the mouse. Take a moment to think about what isn’t sitting right with you, and contact someone without using that email in front of you.

That means: if you want to contact Shentel, dial 1-800-SHENTEL or any support number that is printed on their bills. Do not use any number in the fishy email! Contact info showing in a suspicious email will often put you in touch with criminals. And those guys will be all too happy to pretend that they are with whatever company you say you’re trying to reach.

If you can’t reach the company for advice, call someone else. Talk to a trusted friend, police officer, church pastor or relative. Or drop me a line for a second opinion, I am happy to sound off on all things, legitimate and scammy! You’re even welcome to forward odd emails to me, and I will quickly write you back with my verdict of them.

Is Facetime Coming to Windows?

The answer to this is a bit dicey. Or nuanced. But the explanation is worth it for your safety.

The Basics

Facetime is an Apple-owned iOS app that allows you to video chat with people on their iPhones and iPads,. To date, Facetime has only been able to connect you with other iOS devices. That means if you’re on an Android phone or a Windows computer, you can’t use Facetime!

Upcoming Changes

But in the near future, the iOS on modern iPhones and Apple tablets is going to update to version 15. And that update includes a nice change to Facetime: You’ll then be able to send invite links to non-Apple users, and rope them into your Facetime video chats!

There’s nothing to install, when you do this. Non-Apple users will receive a link that opens the Facetime chat in a browser window. It will probably be similar to receiving a Zoom link. PC and Android users will (still) not be able to initiate a Facetime chat, as only iOS users get to do that.

Why Is This Important?

Unfortunately, the nuance of what’s developing is getting lost in the headlines. Many tech articles are already cheerleading with “Facetime Coming to Windows” and that isn’t exactly true. And it is leading people down bad paths.

When some folks see that kind of news, they immediately search the internet for “Facetime for Windows” or similar. And they find free programs or extensions that claim it will install Facetime on your device. And this leads to an infection or adware getting on their machines.

Please do not install anything that says you can put Facetime on your non-Apple device. It is surely false and will only cause you trouble.

Periods & Plus Signs in Gmail Addresses

periods & plus signs in gmail addresses

An email address are generally case-insensitive, that is, it doesn’t matter if you use capital letters or lower-case. But Google has a few more tricks up its Gmail sleeve. Let me describe how you might use extra periods and plus signs in Gmail addresses:

Periods: In any Gmail address, periods are ignored before the @ symbol. So feel free to add periods anywhere in the username portion, if it makes your email address easier to read or understand.

As far as Google is concerned, joedfragmented@gmail.com is the same as joe.d.fragmented@gmail.com is the same as Joe.D.Frag.Mented@gmail.com . But one may look better than another on a resume, while another may be easier to relay over the phone, so choose appropriately!

Plus Signs: Plus Signs are also ignored in any Gmail address, along with anything that comes after the plus sign, up to the @ symbol. That means you can customize your email address with any words you like.

Betsy.NoSpam@gmail.com might be your address, but feel free to use:

  • Betsy.NoSpam+fundraiser@gmail.com
  • Betsy.NoSpam+whitehouse@gmail.com
  • Betsy.NoSpam+amazon@gmail.com

Messages sent to those extra addresses will still get through to you at your normal address. But the Plus Sign info will still be visible to you on the mail you receive. You can use this tool to know when someone is sharing or selling your info. And you can also use this in writing email rules!

Let’s say you give out Betsy.NoSpam+lottery@gmail.com for a contest. And after you didn’t win anything, you noticed a lot of spam coming in, sent to that +lottery-address. In Gmail (or your mail client), you could then write a Rule or Filter to auto-delete everything sent to that particular address.

Text to 911

In case of an emergency, many parts of the USA support Text to 911. This technology allows you to contact 911 for help via text message (SMS).

The FCC reminds everyone that you should place a voice call to 911 whenever possible.

Much of the Shenandoah Valley((Warren County, VA has assured me they support this tech, even though they are not on the FCC list)) is covered, as shown on the FCC’s Public Safety list. Please feel free to verify other American cities and counties using that list. Or, reach out to your local police department or county offices to ask.

For more details, read up at the main FCC page for this technology.

Do Not Harass a Phone Scammer

I just saw some really bad advice on Reddit. Someone suggested that when you take a call from a scammer, you should put some effort into complaining, to waste their time and convince them to not call anymore. Please do not do this.

The chance of you convincing a scammer to change their deceitful ways is fairly close to zero. No one will remove you from their scammer call list, and in fact, they may deliberately pass your info around to other scam-call companies. There is no version of this phone call where you gain anything of value from it. But also, there is a small risk of danger.

In rare instances, a scammer may swat their victim. Swatting is when someone reports a fake emergency to the police, that targets a victim and their residence. The swatter may lie about a bomb threat or a domestic situation, leading police to speed to the scene. I will state the obvious here: You do not want the police coming to your door, weapons at ready, prepared for a violent situation.

Swatting is rare, but it does happen. Some scammers are just that evil, and secure in the thought that they cannot be tracked down. So the safest thing to do in the face of a scam phone call is to simply hang up, without further comment.

Shentel Email Scam for April 2021

Shentel Email users, beware the latest email scam coming to your inboxes!:

Phishing Email that shows the Shentel name

This message is not from Shentel! If you look closely, you’ll see it came from an odd address ending in “buckeye-express.com”. DO NOT CLICK the Update button, as it will take you to a deceptive website.

I’ll show that website here, without putting you at any risk:

Phishing Website that uses the Shentel name and logo

At a quick glance, this site looks legit, because they’ve stolen the Shentel logo, as well as the new Shentel Webmail icon. And the URL (web address) even has “Shentel” in it. It all feels very familiar…. But a Weebly.com address is something anyone can create, so this website was created by a bad actor. A true Shentel website would end in “shentel.net” or “shentel.com”.

If you received this message and went to this website, I hope that you didn’t fill out the fields. Anyone who types in an email and password on that site is actually delivering their logon credentials directly to some scammers. They will immediately log into your Shentel email at their true webmail site, and start abusing your address. I don’t yet know what these guys are up to, but email phishers often start emailing everyone in your address book with other ploys and lies.

If your email has been compromised, call Shentel immediately at 1-800-SHENTEL, and ask their tech support to change your password and inspect your account for other nefarious changes. And if you need any extra help, consider BlueScreen Computer as your backup option!

Unify Your AOL Inbox

AOL users may be used to a bifurcated inbox, that shows New Mail and Old Mail. Not everyone is happy with this inbox behavior, because as soon as you view and close a new message, it vanishes. The now-closed message automatically hops from New to Old, and you’ll have to switch folders to find it again.

AOL allows you to unify your inbox, so that it shows all of your mail in one Inbox, just like most other webmails. Here’s how to turn that option on:

  1. Go to your AOL Mail in any browser.
  2. Click Options in the upper-right corner, and then click Mail Settings.
  3. Scroll down to find Inbox Style, and select the bubble for Use Unified Inbox Style.
  4. Scroll to the bottom and click Save Settings.

With one folder for all your inbox emails, every message will now stay put in the list, after you close it.

Preserving a Voicemail Message

Let’s say you have a special voicemail message. Maybe it’s critical to a lawsuit you’re involved with. Or perhaps it’s a precious memory from a long-lost friend. If it’s important to you, then it needs to be protected! Don’t take your voicemail for granted, as it can be deleted or lost, like computer data.

If you have a valuable voicemail on your smartphone, please know that you can copy it to other locations, and then back it up. Here are some possibilities:

iPhone users: Tap on a voicemail, and then look for the Share button (looks like a box with an arrow pointing out of it). Tap that Share button to find a wealth of options. You should be able to copy the voicemail to Notes, Voice memos, or even attach it to an email message.

Android users: Tap on a voicemail and look down low for a Send To… option. Tap this to reveal choices for saving the recording to Google Drive, attaching it to a text message or sending it along in an email.

If you don’t see a Send To… option on your Android device, play the voicemail all the way through to the end, and then check again. If your phone still doesn’t offer that option, tap or tap-and-hold on the voicemail and look for pop-up options like Save or Save to Phone.

My preference is to email the audio message as an attachment. Creating an email is an easily-saved item, but also, the attachment is usually a universal MP3 file, which can later be downloaded, saved to a computer, backed up to another drive or shared with any other computer user.

Safeguarding a voicemail sent to a landline is a different ball of wax. Every telephone company is different from the next. Comcast, for example, allows for voicemail web access if you are an Xfinity Voice customer, and you can download/save voicemail files from their website. Shentel, on the other hand, offers no voicemail backup tools. If this becomes important to you, contact your specific provider to ask what is possible with their phone service. Or consider making a re-recording using another device, as described in this article.

« Older posts Newer posts »

© 2024 BlueScreen Computer

Theme by Anders NorenUp ↑