NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
False Firmware Update Alert
I have two Netgear Routers; the D7800 in this post and a WN3000RPv3 extender. Today I received an email with the following Headers: From: NETGEAR Security <security@e.netgear.com> To: <my corr...
I've just spotted something in the email that I had missed (the text is very small and my eyes are dim).
The attached screenshot shows the Version numbers that the updates cover. These are the versions that I installed about a week ago so Netgear aren't pre-empting updates they're simply sending the reminders late!
Do Not Trust email for this kind of stuff....
This is a scam.
additude wrote:Do Not Trust email for this kind of stuff....
This is a scam.
If it's a scam, then that is extra worrying. How did the scammer get hold of my email address? I have a SOHO Web and Mail server account with a major Web hosting Company and create a different email address for every company that I do business with. If the message had been sent to one of my other addresses, then I would have know immediately that the message was a scam, because any message from Netgear would have used the address that I registered my products with. This message used the correct address and not only that, the sender knew exactly which router products I own....
Hmmm. While I was mulling this over, I got a sense of deja vu, so I looked back through my earlier posts and discovered that I had exactly the same thing happen last September and I had posted an almost identical query (I am getting old you know).
On that occasion, the message was correct, but the Netgear servers weren't offering the updated firmware to the Router when the 'Check for Updates' button was pressed, even though it was on the Support Website. This time there is no updated firmware available for either of my devices on the Support Website either, so I can only assume that updates are on the way but haven't made it to the servers yet.
So. Netgears's mailserver throwing a wobbly is looking favourite at the moment.
Well, your email address is part of a mine of email addresses harvested and readily available on the internet. A spammer doesn't care if you have Netgear equipment or not. The spammer knows that someone in their email broadcast will and that person will want to take action.
Even if you didn't own Netgear eqpt.. you will still receive the email....
There is other discussion of this here:
Just like what if a spammer sent you an email that said your Wells Fargo Bank Account has been compromised and that you needed to follow the link in the email and log into your Wells Fargo Account to verify everything is OK....
If you didn't have a Wells Fargo account you'd probably ignore and delete the email.....
But if you had a Wells Fargo account.... you might click that link and try to log into your Wells Fargo account.....
Only it wouldn't be your Wells Fargo account and you would have just given the spammers your account credentials...
Just because the email says it came from Netgear...doesn't mean it has....
I can put any return address on any paper USPS mail envelope that I want.... it doesn't mean that it came from there...
Be safe.
additude wrote:Well, your email address is part of a mine of email addresses harvested and readily available on the internet. A spammer doesn't care if you have Netgear equipment or not. The spammer knows that someone in their email broadcast will and that person will want to take action.
Even if you didn't own Netgear eqpt.. you will still receive the email....
I agree. A spammer doesn't know if I have Netgear equipment and neither does he know which Netgear equipment I have, For the spammer to pick the very two Routers that I own implies amazing luck or access to Netgear's servers....
I don't believe the amazing luck scenario and I doubt that Netgear's servers have been compromised (although it is still possible). I'm now accepting that the message did come from Netgear and simply waiting for the updates to appear (or not, as the case may be). Whatever the cause of this false message it's annoying and a huge wasre of time.