Category: Internet (Page 1 of 4)

Mail2World’s 2022 Email Outage

On Wednesday, 1/12/2022, an email provider named Mail2World disappeared from the internet. They’re a modest company based in California that provides email for millions of people worldwide. They handle the email service for many different ISPs (including Shentel, Buckeye Broadband, and SRT), as well as for individuals and small businesses. Information on this outage was challenging to come by, so I’m going to chronicle what I saw and learned during this event, below.

Day One (January 12)

Around 7AM EST, all email service with Mail2World stopped. For the entire day, no answer were forthcoming. People calling their ISPs got only vague explanations: “Email is completely down, we have no ETR.”

Those that contacted Mail2World directly received an unprofessional response. I had hoped they would issue a press release or a Pinned Post on Facebook. But, ironically commenting on an older Facebook Post about “improving your chances of getting your email read,” Mail2World shared only a few vague tidbits. It was nothing informative (“Please be advised that we’re fully and diligently working on the current email service outage.”) and only aggravated their clients further.

Day Two (January 13)

With email still down, Mail2World told some ISPs to expect a 3PM EST recovery time. But that deadline came and went, and everyone had to face the fact that nothing would be restored this day.

An astute gentleman pointed out a breaking news story (alternate link) about a ransomware attack and suggested it explained the outage. I called the ISP mentioned in the story and got confirmation: Mail2World is their email provider, and a ransomware attack had brought them down.

Day Three (January 14)

The outage continued, but progress could be detected, even without comment from M2W or ISPs. Using DNS detection websites, people could see that Mail2World DNS entries were coming back online, across the globe.

Repeatedly contacting Mail2World, I could only get the briefest assurance from M2W that no one data was compromised or stolen. And as more news reports about the ransomware attack emerged, that seemed to confirm that user data was safe through this debacle. Other ISPs started to report more details, as well.

After much teeth-grinding, Mail2World posted an non-update on their Facebook Page. Huzzah! And their sales website came back online, more progress!

Day Four (January 15)

Early in the morning, Shentel reported email service may be restored in the next 24 hours. By some estimates, that would be extremely quick and efficient, but not unheard of.

By mid-day, a rare few M2W email accounts were able to send out messages, although they arrived with security warnings and other malformations. Still, it showed further progress!

As Day Four drew to close, a few users reported in about email arriving to their Mail2World accounts. We couldn’t declare a complete recovery yet, but some people were able to send off a few messages, and verify that their old emails were once again available.

Day Five (January 16)

I woke to reports of Shentel (Virginia) email users happy with their restored accounts. Reports from other states (Indiana, South Dakota, Ohio) were varied, but most showed some signs of functionality. Other countries (Sweden, Australia, Mexico) also reported in about recovery, again varied, with some at full email ability, while others still hampered or limited.

For my part, I recommended to anyone with fully-restored ISP email, to call into to their internet providers for a refund or credit. Since Mail2World would surely pay a penalty to their ISP clients for the outage, I reasoned that that money should be passed along to the ISP customers themselves. And my experience with many ISPs is that: If you don’t ask, you don’t get!

Day Six (January 17)

Today I found that most people worldwide have their basic M2W email service back. But there are some outliers that are still waiting, in Sweden or Mexico. These folks tend to be individuals that have enrolled in free email service directly with Mail2World. I can only guess that they are low-priority, and may have a much longer repair time than the blocks of email addresses repaired for the large ISP customers.

If you’re still waiting for an M2W repair, I can only tell you to hang in there, keep waiting and reach out to Mail2World repeatedly as time goes on. You can call them at +1 (310) 209-0060, visit their website, check them on Facebook, or find their Twitter feed. Good luck!

Lack of Policing on Facebook

Yesterday, I reported a scam from a Facebook group. And an autoreply quickly arrived, stating that their “technology” had reviewed my request and found nothing to act on. I then chose the option to Request a Second Review, because they got it wrong. That got me this disappointing response:

This suggests that they put more manpower towards moderating issues involving loss of life and limb. And they put less or no effort into preventing fraud and deception. On Facebook, you will get support if your life is threatened, but not if someone is only trying to lie, cheat and steal from you.

I especially take issue with their bulleted list at the end. This just doesn’t set well with me. If I see someone on a street corner trying to scam my neighbors, would I walk away and ignore the scammer? Go in my house and forget the crime I just saw? How does that help keep things safe for everyone?

I apologize for taking a sharp tone over this. But this shows why Facebook (and much of the rest of the internet) is so hazardous. I liken it to the Wild West. We do not have as much protection or support on the web as we do when we are walking down Main Street in Small-Town America.

When you see something wrong on Facebook, you should still report it. But you may want to go further, because Facebook does not always have your back. When the questionable post is in a Facebook Group, also report it to the admin(s) of the group. The admin is usually a local person who cares more than Facebook, and will respond in a more nuanced manner.

You could also comment on the offending material, to give public notice to others. But even the most non-confrontational comment can trigger a backlash from a hostile criminal. Always go to an admin if you need discretion in dealing with something.

Creating QR Codes

Once you see how easy it is to use QR codes, you may want to make your own. Good news! There are plenty of sites where you can make your own QR code for free, and download/save/print it immediately:

QR Code Generator

QR Code Monkey

My WiFi Sign

Explore these sites and learn all the possibilities for QR codes. You can make a WiFi poster for your coffeeshop. A graphic for your business card that links to your FB Page. A sign that connects your clients to your online menu.

And if you just need a quick QR code for a website, just load it in Chrome. Click the Share icon at the end of the address bar, and then choose QR Code. Google will give you a QR code on the spot!

Duct Cleaning Scams on Facebook

Another common scam you may see on Facebook occurs mostly in Facebook Groups. If your town, county or region has a Group Page, you may see these amazing offers for duct cleaning service.

Warning Signs of a Duct Cleaning Scam

Suspect a scam if you notice:

  • They don’t state a concrete business name or website address.
  • The FB account of the poster has newly joined the group and shows little to no activity on their profile.
  • A vague discount is promised, with no explicit pricing, or a flat fee is offered for cleaning unlimited ducts and vents.
  • Their phone number turns up no Google results.
  • They won’t give their licensing or NADCA info on demand.
Duct Cleaning Scam post from Facebook

A legitimate company is going to state their contact info clearly and readily. Real businesses want to make it easy for you to contact them through various means (phone, email, website), so it should be a red flag to you if you’re not seeing that info immediately. And real duct cleaning outfits will not dodge questions about their business or NADCA licensing.

Scam Details

I haven’t experienced the end-game of these scams myself, but we can get some ideas of what the scammers’ goals are. Check out this Facebook Page for a scam duct cleaning outfit. Read the reviews, and you’ll see what some people are accusing them of doing. Listen to this professional detail how these scams affect his legitimate company. And consider what happens in these tawdry exposes.

Once you absorb all of that, take a step back, and let it all gel in your mind. It starts to look like Facebook is the base of operations for a crime referral network, connecting duct-cleaning scammers to victims all over the USA!

Dos and Don’ts

If you see a duct cleaning scam, don’t waste your time contacting the poster. Don’t give them any personal info, because they could share it with other scammers. And don’t let questionable people into your home! The most you can do is report the post to the admins of the FB Group as a scam. And if you’re an admin of such a FB group, you’ll want to remove the post ASAP to protect your group members. Track down and remove the scammer’s account from your group, too!

You can try to report things to Facebook, as well. But they aren’t too responsive. Since the actual crime is occurring off-Facebook, moderators don’t see anything actionable. I’ve reported countless duct cleaning scams, to no avail. It’s pretty much up to us to keep alert and look out for each other.

Facebook Reaction Preferences

Facebook added a subtle feature this year involving the Reactions on the posts in your Feed. If you want, you can hide the number of Likes on your posts from other people. Also, you can hide the number of Likes that you see on others’ posts in your Newsfeed and in your Groups.

You’ll still see if someone has clicked Like on a post, but the number will be absent. And you’ll still see the number of Likes on any Post that you’ve created yourself.

Number of Likes hidden from view

If you’ve found those numbers intimidating or bothersome in any way, you might turn them off for a while and see if you enjoy Facebook a little more afterwards. And this feature is something you can toggle off and on again with no ill effect.

In a browser on your computer, you can find this feature when you:

  1. Go to Facebook.com
  2. Click the Account button to the upper-right.
  3. Go to Settings & Privacy, then to News Feed Preferences.
  4. Click Reaction Preferences and adjust the two toggles as you wish.

In the Facebook app on your mobile device, you can try:

  1. Tap the hamburger icon to the upper-right.
  2. Scroll down and tap Settings & Privacy, then tap Settings.
  3. Tap Reaction Preferences and adjust the two toggles as you wish.

ISP Data Collection

I hear from many people who are grumpy about all the personal information that Google and Microsoft are collecting. And I won’t deny that those companies are making money off of your web searches and use of their software. But I want to challenge you to think in a different direction. Did you know that your ISP is doing the same thing?

The company selling you your internet connection (Shentel, Xfinity, Verizon, Spectrum and more) collects data about you. Everything you do over their internet connection is fair game. And while they are sworn to protect your privacy, they are also allowed to use their collected data to advertise to you, or sell your data to 3rd-party companies.

The FCC made an attempt to limit this practice in 2017, but did not succeed. The FTC has been studying ISP Data Collection Practices, but it remains to be seen what good will come of their reports.

So what can you do about this? I don’t have a perfect answer or silver bullet for you, but here are some ideas:

Contact your ISP and use any tool they offer to opt-out of their data collection practices. While the law allows them to hoover up your data and make money off of it, they are also legally obligated to give you a way to opt-out!

You could use a VPN. Or Private Browsing mode. Or the Tor browser. But none of those are great solutions, and I don’t recommend them. ISPs may still gather info about you, despite your use of these tools, and they’ll cost you money or time as you try them. The root of the problem (the law) is not addressed by these tactics.

Communicate with your state legislators, and ask them to promote laws that deal with this issue. Some states have legislation in the works that may clamp down on ISP Data Collection. Let your government know how you feel about your personal information and what ISPs are allowed to do with it!

Privacy-Oriented Search Engines

Most searches on the internet are carried out through Google Search. But not everyone wants to use Google, Bing or the other big search engines. These companies usually track you through your searches, and use that information to better advertise to you.

If you’re looking for a search engine that respects your privacy more or collects less of your data, here are some safe & easy alternatives to try:

DuckDuckGo

Ecosia

You.com

Brave Search

Startpage

Swisscows

These search engines may still rely on Google search results or other big engine technology. But if you read their promises, they’ll still gather less info on you, and prevent the big companies from studying you as you search the web.

Dollar General Scam on Facebook

I’ve written before about a Lowes scam on Facebook, and the latest Dollar General scam is taken from the same playbook. If you see this post, claiming to offer free $30 vouchers from DG, know that it is a scam. Please don’t trust it or share it. If possible, report it to Facebook.

How do to tell that it’s a scam? There are some details to look out for:

First, visit the real Dollar General Facebook Page. On that page, you’ll see a blue badge stating this is a verified, authentic business page. Facebook has checked the identity of this page to make sure it’s not an impostor. You won’t see that badge when you go to the “Dollar General Fans” page.

Also consider: the true Dollar General Facebook Page has 3.4M Likes. The fake-Dollar General Facebook Page has 4,000.

The real Dollar General FB page was created in 2009, if you look under the Page Transparency section. The scammer’s page was created yesterday.

Here’s what’s so bad about this type of scam:

When you click Like on something, Facebook automatically promotes it to your Friends. Your connections on Facebook will probably see “John Doe Liked the Dollar General Voucher Giveaway” and they may visit the scam and click Like. And then their Friends will see what they Liked, leading them to visit the scam… It’s a bit like a toxic chain letter.

Next, here are some directions the scam may go:

1) A person running the promotion contacts you over FB Messenger to say that you’ve won! But first they need your name, address, DOB, and driver’s license info, credit card #. They claim you cannot claim your prize unless you comply, and this is all done to verify who you are.

2) Someone messages you to say that you’ve won and the prize is on its way, After they get your mailing address, they send you a check. For the wrong amount! They’ve sent a check for $1035, and they ask you to send them $1000 back. If you comply, you’ll soon be out $1000 thanks to a kind of fake check scam.

3) The Page manager contacts you, asking for your email, so that he can send you an official Winner document. You have to fill it out to claim your prize. But when you receive the attachment, it asks to install something on your computer.

The 1st example can lead to identity theft. The 2nd is a quick way to take untraceable money from you (and they’ll probably contact lots of people with this line, not just one lucky winner). And the 3rd is a common method of making people install malware on their computers.

There is no $30 Voucher Giveaway, no one will win anything from this! If you’ve interacted with this or any other Facebook scam Page, please: Unlike the Page or posts, delete any Shares you’ve made and report the Page to Facebook. Facebook might move faster to address the scam if it receives a higher volume of reports about it.

Last year, this scam was a chance at a free RV from a big mid-west company. Next month, it could be free Starbucks coffee for a year or government loan forgiveness. This sort of scam will keep happening on Facebook, a different bait each time. But the tactics and telltales will be the same. Stay dubious, my friends!

ISP Equipment: Rent Vs. Own

If your ISP requires you to have a modem, then you may have an important choice to make. It’s worth thinking about!

Some people rent or buy their equipment (modem, WiFi router or combo device) from the ISP. Others go out to a store to buy something they like. There are pros and cons to each of these. You should choose, based on two topics: your tech-ability and what your ISP allows.

ISP Allowances

Every ISP has different rules about their internet equipment, so you may have many options, or be very restricted. You’ll want to call them or check their website for their rules. They may have a list of specific modems that are allowed or prohibited for use with their service. They may offer to sell you a modem, or tell you that they only rent their modems, for a monthly fee.

You’ll want to study the associated prices, to make an informed decision. Ask about the rental prices vs. the purchase price for a modem, and you may find that one way saves you money over another. The Amazon price of a modem could be half of what the ISP charges for the same model.

Computer Skill Level

Are you skilled with technology? Can you fix your own computer problems? When your internet goes out, how comfortable are you at troubleshooting your own problems? Do you have someone in your household that takes care of that for you?

If you don’t have a comfort level for fixing computer problems, or if you don’t have tech-help close at hand, then you should strongly consider using the modem that your ISP provides. If they won’t sell it to you, then consider renting it. Using the ISP-provided equipment will make it easier for them to resolve your future internet issues. Consider this scenario:

Becky gets her internet service from Metamucil Fiber LLC, and she had the choice of renting her modem for $13/mo. But she’s thrifty and she went to buy her Piyala-brand modem from the local Malwart for $100. She patted herself on the back, because in less than a year, she was saving money by not renting her equipment.

But one day her internet goes out, and she doesn’t know what to do. She calls Metamucil, and they refuse to help her much. Why? Because she’s not using their modem, and they only train their reps on how to fix their equipment. They tell her to call Piyala for tech support.

She calls Piyala, and they aren’t much help, either. Why? Because they aren’t familiar with Metamucil Fiber. They ask Becky questions like Is their DSL PPPoE? and What’s their DNS server names? Piyala needs more info from Becky before they can do much. She doesn’t know what to tell them and feels overwhelmed.

In this scenario, Becky can struggle, going back and forth between two helplines, but the struggle is real. As in: really aggravating. She can also call in a professional tech, like yours truly, but that can result in a significant bill that may wipe out what money she saved by buying her Piyala modem. In the end, Becky may come to regret buying her modem from Malwart. If she had rented and paid the ISP’s monthly fee, then Metamucil wouldn’t’ve passed her off so quickly. They would’ve had to support her 100% with her problem!

The TLDR Point

I apologize for so many words, but the end point is this: If you can’t fix your own tech, then you should get your ISP modem from your ISP. This puts the ISP “on the hook” for supporting you in times of trouble. If you buy someone else’s modem, then the ISP might refuse to help you later on.

Shentel Email Best Security Practices

Many of my clientele are in the Shenandoah Valley of Virginia, the home territory of an ISP named Shentel. And like many ISPs, Shentel provides free, courtesy email addresses to its subscribers. It’s like a mint on your pillow, except this mint needs some extra warnings on its wrapper and may give you some indigestion…

I can level a variety of criticisms against any ISP-provided email another time. For this post, I need to write on how Shentel customers can keep their email more secure. There are frequent scams targeting Shentel email addresses, and I want to help as many people as I can to tighten their defenses.

If you don’t have a Shentel email address, this post will not directly apply to you, but the overall security recommendations do. So please consider these points, and implement anything you are comfortable with!

Password Strength

I’ve helped with Shentel email users for almost 20 years now, and from the beginning, I’ve noticed Shentel doling out really weak passwords to their email addresses. In 2002, it was common for a brand-new Shentel email address to come with a 6-digit password. It was typically 3 letters (part of the person’s name), and 3 numbers (often the phone exchange of the user). To this day, I still encounter Shentel email addresses with these old, short passwords, like “abc465” and “joe933”.

If your email password is this short and simple, please change it now. Email thieves can determine such short passwords quickly, without hacking you or tricking you. There are password-guessing programs readily available on the dark web that anyone buy and use for this. And once they guess your password, they can use your email to start scamming your friends and family, or worse.

Changing your Shentel email password is easy, especially if you know your current password.

  • Go to the Shentel Webmail website and login with your email credentials.
  • Click the cogwheel icon to the upper-right.
  • When the Settings screen appears, click Password.
  • Type in your old password and then enter a new password on the next two fields.
  • Click Save and you are done!

Try to choose a password that is 8 or more characters long, and use a capital letter, a number and a special symbol. An example of a strong password is: Maverick20#21 .

If you do not remember your Shentel password, call Shentel at 1-800-SHENTEL and ask their tech support to change your password over the phone.

Recovery Options

If your password is strong enough, you should still visit Shentel’s Webmail website. Shentel is starting to implement Password Recovery Options for its email users, but you won’t see these if you use Outlook, Thunderbird or a Mail app to see your messages. You must go to their Webmail site!

When you visit that site nowadays, you will be prompted to set a recovery email and recovery phone number. Fill out and satisfy these items as best you can, and call Shentel for assistance if there’s any difficulty. These are important to do! If some bad actor invades your email next month, these will help you more quickly to regain control of your account.

Request 2FA to Be Implemented

The best security tool to prevent email abuse is 2FA. This stands for two-factor authentication, and adds an extra layer to the login process for an account. When you use 2FA, you first login using your password, and next have to enter a token or code sent to your mobile number or other security device. If someone steals your email password, the second step will block them from accessing your account.

Shentel does not offer 2FA on their email accounts and has a hard time answering my most basic questions about it. But many other email providers do offer 2FA. If you are going to stick with your Shentel email address, you might reach out to Shentel to ask them to consider adding this security feature. It would greatly reduce the number of hacked Shentel email accounts!

When In Doubt, Pick Up the Phone

If you receive an email, and something doesn’t seem right, take your hand off the mouse. Take a moment to think about what isn’t sitting right with you, and contact someone without using that email in front of you.

That means: if you want to contact Shentel, dial 1-800-SHENTEL or any support number that is printed on their bills. Do not use any number in the fishy email! Contact info showing in a suspicious email will often put you in touch with criminals. And those guys will be all too happy to pretend that they are with whatever company you say you’re trying to reach.

If you can’t reach the company for advice, call someone else. Talk to a trusted friend, police officer, church pastor or relative. Or drop me a line for a second opinion, I am happy to sound off on all things, legitimate and scammy! You’re even welcome to forward odd emails to me, and I will quickly write you back with my verdict of them.

« Older posts

© 2022 BlueScreen Computer

Theme by Anders NorenUp ↑