NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

ShirinS's avatar
ShirinS
Aspirant
Jun 21, 2017
Solved

Spam email RE R7000 Firmware?

I received 5 emails about firmware vulnerability for the R7000. Is this spam? Email is below. From: "NETGEAR Security" <NETGEARSecurity@e.netgear.com> Date: June 21, 2017 at 9:21:10 AM PDT Subjec...
Firmware
Security
  • LegendXXX's avatar
    LegendXXX
    Jun 29, 2017

    It's working now.  It seems to have been down for a couple of days.

J_A_User's avatar
J_A_User
Initiate
Jun 23, 2017

I too received the very same worded Netgear notice for another Netgear product on that date.  Mine has been updated to latest firmware many months ago.  In researching other user's experience, I came across the following post,

 

"The origiinal message source indicates the message was sent from a server with the IP
address 136.147.187.62. A WhoIs query indicates that IP address belongs to either
Salesforce.com, Inc. in San Francisco or else ExactTarget, Inc. in Indianapolis. According
to Wikipedia, ExactTarget was the original name of Salesforce.com; but neither is
connected to Netgear.
The return E-mail address domain was NOT netgear.com but e.netgear.com. A DNS
lookup for netgear.com yields the IP addresses 54.200.99.0 and 54.218.118.186, both of
which belong to Amazon. A DNS lookup for e.netgear.com, however, yields the IP address
68.232.201.28, which belongs to ExactTarget.
Since the US-CERT (an agency of the United States Department of Homeland Security)
has not reported a Netgear security vulnerability for June, this whole mess smells."

 

Given the range of products that seem to have been reported as needing security updates, does anyone know if Netgear has seen/commented on this matter?

thelemonkid's avatar
thelemonkid
Luminary
Jun 23, 2017

J_A_User

 

Thank you for your excellent detection work! Indeed I also had my doubts about the origins of the mail that was sent. But an employee of Netgear ElaineM, assured us that it was in fact a Netgear sent (spam) mail. I use the word spam here because after all this is such a piece of unnecessary mail that it defines as such. It does not inform the users, it is not compiled like a 'remember to' or 'be sure to check the download section from time to time' mail. Instead it makes the user believe that it is absolute essential to update now and straight away. While there is no reason to do so right now because a of new infection that will take over all that is digital.

 

But I don't understand why:

 

1) The sender is not Netgear but another address

2) The mail talks about security but has CLICKABLE LINKS ....... (did someone at Netgear ever read about security...???)

 

It is so weird that the mail is not really netgear that it is striking!

 

Just recently a scam was discovered where senders would use Cyrillic, Chinese, Thai or other Characters that most western users do not have on their computer. Those characters were then transformed into western letters by the software on the users computer. In a browser like Firefox these look like legitimate addresses. So when you click on them you would end up a a site that looked legitimate but was infact a complete different address written in another language. However in the addressfield you could not see that!

 

So I never trust mails sent out by a company when it has a clickable link. But apparently at Netgear they don't take your security serious. And from your e-mail I fear that our e-mail addresses are in the hands of some marketing companies, thanks to Netgear.

 

  • bjwierda's avatar
    bjwierda
    Aspirant
    Jun 23, 2017

    Wakeup NetGear, Reply already !!!

    As mentioned above this whole mail thingy doesnt make any sense at all, and got me worried.

     

    If its from Netgear its made by an amature