I've received an email from firstname.lastname@example.org with a warning about a device on my home network potentially having malware:
"Our reference: VMIS5-MALWARE-F008407148"
"To protect our customers, we work with a number of not-for-profit organisations that gather information about internet connections that appear to be at risk of things like malware infections. On11 September 2020, one detected that gumblar, a piece of malware, was present on a device using your internet connection."
To my understanding Gumblar is a trojan from 2009 which targets devices with older Windows OSs, i.e. pre-Windows 7. None of the devices on my network have these OSs, however despite this I have run checks on all Windows devices using both antivirus software and Malwarebytes, and all came up negative for Gumblar.
Is this email legitimate, and if so, could it be a false positive given that multiple anti-malware scans have turned up nothing? Could my works VPN have anything to do with it since those have been known to trigger false positives?