What to do if…
you get a security alert about a new sign-in from an unknown device
Short answer
Treat it as real until you’ve checked it yourself: go directly to the service (don’t use links in the alert), review the sign-in details, and if it wasn’t you, secure the account immediately (password change + sign out everywhere + turn on 2-step verification).
Do not do these things
- Don’t click “confirm/deny” links in an email/SMS alert unless you opened the service by typing the address/app yourself.
- Don’t “test” passwords by trying variations (you can lock yourself out, and a burst of failed attempts can trigger further restrictions on the account).
- Don’t ignore it because the location/device looks “sort of” plausible: the location in an alert is an estimate from the IP address, and VPNs, mobile networks and shared hosting routinely show a place far from the real one.
- Don’t reuse an old password, or change it to something similar.
- Don’t do account recovery while you’re on public/shared Wi-Fi or a shared computer if you can avoid it.
What to do now
- Pause and verify the alert safely (30–60 seconds).
  Open the app or type the website address yourself (or use a known bookmark). Find Security / Recent activity / Devices and locate the exact sign-in: time, device type, browser/app, and approximate location. If the service’s own activity page shows no matching sign-in, treat the message as phishing. Bear in mind that your own new phone, a browser update, or switching a VPN on can trigger a genuine alert.
- If there’s any chance it wasn’t you: take the “secure my account” option inside the service.
  Many services have a built-in option such as “No, secure account” / “This wasn’t me” that triggers protective steps (ending sessions, forcing a password change, extra checks).
- Change the password for that account right away (from a device you trust).
  Use a new, unique password you’ve never used anywhere else. If you reused that old password on other accounts, plan to change those next (start with email and banking/payment accounts).
- Force sign-out on other devices and remove anything you don’t recognise.
  In the account security settings, choose options like “sign out of all devices”, “log out of apps”, remove unknown devices, revoke access for unfamiliar third-party apps, and delete any “app passwords” you didn’t create. Do this as well as changing the password: a password change does not always end sessions that are already signed in.
- Turn on 2-step verification (2SV) for the account (and your email).
  Use an authenticator app, a security key, or a device prompt if available. If you can, avoid relying only on SMS: codes sent by text can be diverted if someone takes over your phone number (a “SIM swap”).
- Check your recovery and contact details for “quiet” changes.
  Confirm your recovery email/phone, backup codes, and security questions. If anything was changed, fix it and re-secure the account: a recovery address or number you don’t control lets an attacker reset the new password.
- If this is your email account: check forwarding rules and filters.
  Look for auto-forwarding, “rules”, “filters”, or “delegates” you didn’t set up (attackers sometimes use these to keep receiving your mail even after you change a password). Filters that forward, archive, delete, or mark as read anything mentioning “password”, “verification” or “security” are a classic way of hiding reset emails from you.
- If the account is for work/school, stop and involve the right people.
  Use your organisation’s official IT/security channel and follow their process; they may need to reset sessions or investigate centrally.
- Capture minimal evidence, then move on.
  Take screenshots of the alert/sign-in details (date/time/device/location) and any changes you notice. Don’t get stuck investigating while the account is still at risk.
- If you’ve lost money or your account was used to scam others, consider reporting through UK police reporting routes.
  In the UK, cyber crime and fraud are typically reported online via Report Fraud (the national reporting service). If you’re in Scotland, reporting routes can differ; for non-emergencies, Police Scotland is commonly contacted via 101.
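For the forwarding-rules step, here is an added example (written for this page; it is not code from the NCSC, Google or Microsoft pages linked below) that scans a Gmail filter export for rules that divert, hide or delete mail. It assumes the XML format Gmail produces from Settings > Filters and Blocked Addresses > Export (an Atom feed of entries with apps:property elements, using property names such as forwardTo and shouldTrash); the sample export embedded in the script is constructed, not from a real mailbox.

```python
"""Scan an exported Gmail filter list for attacker-style persistence rules.

Assumes the export format from Gmail's Filters settings page: an Atom feed
in which each <entry> carries <apps:property name='...' value='...'/>
elements. Property names below are taken from that format.
"""
import sys
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Filter properties an attacker uses to keep reading or hide your mail.
SUSPICIOUS = {
    "forwardTo": "forwards matching mail to another address",
    "shouldTrash": "deletes matching mail",
    "shouldArchive": "hides matching mail from the inbox",
    "shouldMarkAsRead": "marks matching mail as read so you don't notice it",
}

# Properties that describe which messages a filter matches.
CRITERIA = ("from", "to", "subject", "hasTheWord", "doesNotHaveTheWord")

# Constructed sample export: one benign newsletter filter and one
# attacker-style rule that diverts and hides password-reset mail.
SAMPLE_EXPORT = """<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <category term='filter'/>
    <title>Mail Filter</title>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='Newsletters'/>
  </entry>
  <entry>
    <category term='filter'/>
    <title>Mail Filter</title>
    <apps:property name='hasTheWord' value='password OR verification OR security alert'/>
    <apps:property name='forwardTo' value='attacker.mailbox@example.net'/>
    <apps:property name='shouldArchive' value='true'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
</feed>
"""


def parse_filters(xml_text):
    """Return one {property_name: value} dict per filter entry in the export."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    filters = []
    for entry in root.iter(ATOM + "entry"):
        props = {p.get("name"): p.get("value")
                 for p in entry.iter(APPS + "property")}
        filters.append(props)
    return filters


def find_suspicious(filters):
    """Flag filters that forward, archive, delete or mark-read matching mail."""
    findings = []
    for props in filters:
        # Boolean flags are 'true'/'false'; forwardTo holds an address.
        reasons = [why for name, why in SUSPICIOUS.items()
                   if props.get(name) and props[name].lower() != "false"]
        if not reasons:
            continue
        findings.append({
            "matches": {k: props[k] for k in CRITERIA if k in props},
            "forward_to": props.get("forwardTo"),
            "reasons": reasons,
        })
    return findings


def report(findings):
    """Human-readable summary, one line per suspicious filter."""
    lines = []
    for f in findings:
        where = ", ".join(f"{k}={v!r}" for k, v in f["matches"].items()) or "all mail"
        lines.append(f"SUSPICIOUS filter on [{where}]: " + "; ".join(f["reasons"]))
    return lines


if __name__ == "__main__":
    # Usage: python check_filters.py mailFilters.xml   (no argument: built-in sample)
    text = (open(sys.argv[1], encoding="utf-8").read()
            if len(sys.argv) > 1 else SAMPLE_EXPORT)
    found = find_suspicious(parse_filters(text))
    print("\n".join(report(found)) if found else "No forwarding/hiding filters found.")
```

The script only reads the export file, so it is safe to run from any device; anything it flags should be deleted in the mailbox settings, and the forwarding address itself is worth keeping in your screenshots as evidence. Forwarding configured outside filters (the “Forwarding and POP/IMAP” setting, or a delegate) is not in this export and still has to be checked by hand.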
What can wait
- You don’t need to figure out how it happened right now.
- You don’t need to secure every account you’ve ever had today—prioritise: email → password manager (if you use one) → banking/payment → primary socials.
- You don’t need to argue with anyone who messages you about it; you can respond later once you’re secure.
- You don’t need to factory reset devices unless you keep seeing new sign-ins after you’ve secured the account.
Important reassurance
Alerts, genuine or fake, are designed to make you react fast, and it’s normal to feel shaky or angry. You’re not “too late” just because you saw one sign-in: quick, boring steps (verify, secure, sign out, 2SV) are exactly what limits damage.
Scope note
This is first steps only: it focuses on regaining control and stopping further access. If you keep getting new sign-in alerts after doing the steps above, you may need device checks and deeper recovery with the account provider.
Important note
This is general information, not legal or professional advice. If you think criminal activity is involved (especially fraud or financial loss), follow the service’s official recovery steps and use official UK reporting routes.
Additional Resources
- https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
- https://www.ncsc.gov.uk/files/recovering-hacked-accounts-infographics.pdf
- https://www.reportfraud.police.uk/guide-to-reporting/
- https://www.police.uk/advice/advice-and-information/fa/fraud/online-fraud/cyber-crime-fraud/
- https://support.google.com/accounts/answer/2590353?hl=en
- https://support.microsoft.com/en-gb/account-billing/what-happens-if-there-s-an-unusual-sign-in-to-your-account-eba43e04-d348-b914-1e95-fb5052d3d8f0