Emergency Help
I Got a Suspicious Sign-In Alert
A "new sign-in" or "unusual activity" notice can be real, harmless, or a scam. Here's how to tell — and what to do.
These alerts spike your heart rate, but many are harmless — and some are themselves the scam. Let's work out which kind you're looking at.
How to handle a suspicious sign-in alert
Decide whether the alert is real before you act — and never through the alert's own link.
- Check whether the activity matches something you (or a trusted person) actually did.
- Never click a link inside the alert — open the account by typing its address or using your app.
- From the real account, review recent activity and active devices.
- If a sign-in is genuinely unfamiliar, change the password and sign out all other sessions.
- Turn on app-based or hardware-key two-factor authentication.
Frequently asked questions
Are "new sign-in detected" emails usually fake?
They can go either way. Real providers do send them, but scammers copy the format exactly to panic you into clicking. The safe rule: ignore the link and check the account by opening it yourself.
Someone tried to log in but failed. Am I in danger?
A failed attempt means your password held. Still, treat it as a prompt to make sure that password is strong and unique and to turn on two-factor authentication, which blocks attackers even if they later get the password.
How can I see everywhere my account is logged in?
Most major services have a "security", "devices", or "recent activity" page listing active sessions with location and device. Open it directly from the account settings and sign out anything you don't recognise.
This is general guidance for common situations, not legal or financial advice. When large sums or physical safety are involved, contact your bank and local authorities directly.