What to do if…
you get a security alert about a new sign-in from an unknown device
Short answer
Assume it could be real: open the service directly (not through the alert), confirm the sign-in details, and if it wasn’t you, secure the account immediately by changing the password, signing out everywhere, and enabling multi-factor authentication.
Do not do these things
- Don’t click links in the alert email/text to “verify” or “stop” the sign-in—go to the site/app yourself.
- Don’t reply to the alert message or call a phone number shown in a suspicious email.
- Don’t reuse an old password or a “slightly changed” version.
- Don’t keep approving prompts/codes to “make the alert go away.”
- Don’t spend time hunting for the attacker while your account is still open.
What to do now
- Verify the alert safely (fast).
  Open the app or type the website address yourself. Go to Security / Sign-in activity / Devices / Recent activity and match the alert to an entry (time, device, location, device details if shown).
- If it wasn’t you (or you’re unsure), use the service’s built-in “secure my account” flow.
  Look for prompts like “No, secure account” or “This wasn’t me” and follow them—these often force session resets and extra checks.
- Change the password immediately (from a device you trust).
  Make it new and unique. If you reused the old password anywhere else, put those accounts on a short list to change next (start with email and financial accounts).
- Sign out everywhere and remove unknown devices/sessions.
  Use account settings to sign out of all devices/sessions, remove unfamiliar devices, and revoke access for unknown connected apps (“third-party access”).
- Turn on multi-factor authentication (MFA) now.
  Prefer an authenticator app, device prompt, or security key if available. Keep backup codes somewhere safe (not in the same email account you’re securing).
- Check account recovery info for silent takeover.
  Confirm recovery email/phone, backup methods, and any “trusted devices.” If anything is unfamiliar, remove it and re-secure the account.
- If this is your email account, check forwarding and rules.
  Look for auto-forwarding addresses, inbox rules/filters, delegates, or “mail rules” you didn’t create—remove them.
- If money, crypto, gift cards, or paid subscriptions are involved, act in parallel.
  Contact the financial provider/platform using official contact methods (from their app/site). Ask what can be stopped, reversed, frozen, or disputed.
- If you believe identity theft is involved, use official U.S. recovery/reporting hubs (and type addresses yourself).
  Use IdentityTheft.gov for a step-by-step recovery plan. For cyber-enabled fraud (including account takeover), you can file a complaint with the FBI’s Internet Crime Complaint Center—type “ic3.gov” yourself (don’t follow links from messages).
What can wait
- You don’t need to diagnose the cause right now (phishing vs breach vs reused password).
- You don’t need to secure every account today—prioritize: email → password manager → banking/payment → primary social.
- You don’t need to wipe devices unless you keep seeing new sign-ins after you’ve reset passwords, signed out sessions, and enabled MFA.
- You don’t need to confront anyone—focus on regaining control first.
Important reassurance
A “new sign-in” alert is meant to trigger urgency, and it can feel violating. The good news is that the most effective actions are straightforward and under your control: verify safely, secure the account, end sessions, and add MFA.
Scope note
These are first steps only, meant to stop unauthorized access and stabilize the situation. If new sign-ins continue after these steps, you may need deeper provider support and device checks.
Important note
This is general information, not legal advice. If you have financial loss or identity theft concerns, use official recovery/reporting channels and follow your account provider’s official instructions.
Additional Resources
- https://www.identitytheft.gov/
- https://www.ftc.gov/media/71314
- https://www.cisa.gov/secure-our-world/turn-mfa
- https://www.ic3.gov/CrimeInfo/AccountTakeover
- https://support.google.com/accounts/answer/2590353?hl=en
- https://support.apple.com/en-us/102560
- https://support.microsoft.com/en-us/account-billing/what-happens-if-there-s-an-unusual-sign-in-to-your-account-eba43e04-d348-b914-1e95-fb5052d3d8f0