An unauthorized log-in attempt notification is a communication sent, normally via email, by service providers to alert a user about suspicious or unauthorized access to their account, whether successful or attempted. The purpose of such emails is to inform users promptly when there is a potential security threat, allowing them to take action to secure their account.

The contents of such notification will generally include:

• Notification:
  The email will start by informing the user that there has been a log-in attempt that appears to be unauthorized or suspicious.
• Details:
  It should provide details such as the date, time, and location of the attempted log-in. The email may include information about the device used for the login attempt, the IP address, and the geographical location of the device.
• Recommendations:
  To help the user secure their account, the email may provide recommendations on what steps to take next. This could include changing the password, enabling 2FA, and contacting support.

Below are two legitimate unauthorized log-in attempt notification emails:

Unauthorized Log-in Attempt Notification Scam

Unfortunately, scammers also use this as part of phishing attack campaigns. They do so by creating their own fake notification emails, impersonating companies like Instagram, Facebook, Apple, and Google and sending them out at random. The aim is to panic the would-be victim and lure them into clicking onto an attached phishing link in order to “secure the account”.

The phishing link will lead to a fake webpage where the victim’s personal data will be harvested. At that point it can be sold on the dark web, with the very real threat of identity theft now arising. The following are two scam emails:

When receiving such emails, be on the lookout for strange layout and poor grammar. If in doubt, go to your account directly where the same notification should be waiting for you — if it’s legit. If in doubt, contact customer support where you can ask if the notification is legitimate — this will also help the service provider by bring to their attention phishing scam attempts using their name. 

The following are where to go for reporting suspicious communication for some major companies:

• Facebook report
• Instagram report
• Google report
• Apple report
• Twitter/X report
• Amazon report

Protecting Your Identity and Personal Info

Compromised personal data can have serious consequences, including identity theft, financial fraud, and job losses. The best thing you can do is a) have reliable cybersecurity protection, and b) ensure you will find out ASAP in the event of being affected. We would encourage readers to head over to our new ID Protection platform, which has been designed to meet these challenges.

With ID Protection, you can:

1. Check to see if your data (email, number, password, credit card) has been exposed in a leak, or is up for grabs on the dark web;
2. Secure your social media accounts with our Social Media Account Monitoring tool, with which you’ll receive a personalized report;
3. Create the strongest tough-to-hack password suggestions from our advanced AI (they’ll be safely stored in your Vault);
4. Enjoy a safer browsing experience, as Trend Micro checks websites and prevents trackers.
5. Receive comprehensive remediation and insurance services, with 24/7 support.

Offering both free and paid services, ID Protection will ensure you have the best safeguards in place, with 24/7 support available to you through one of the world’s leading cybersecurity companies. Trend Micro is trusted by 8 of the top 10 Fortune 500 Companies — and we’ll have your back, too.

Why not give it a go today? As always, we hope this article has been an interesting and/or useful read. If so, please do SHARE it with family and friends to help keep the online community secure and informed — and consider leaving a like or comment below.