Medium riskText Message Scams

New Login Alert Scam

This scam sends a fake security warning claiming a new device or unfamiliar location signed into your account, urging you to 'secure' it through a link that leads to a fake login page built to steal your password.

Quick verdict

Risk level
Medium risk
Scam type
Account phishing scam
Main red flag
An alarming alert about an unrecognised login that pushes you to act through a link.
What to do first
Do not use the link. Open the app or website yourself and check the account's recent login activity.

What this scam usually looks like

This scam sends a fake security warning claiming a new device or unfamiliar location signed into your account, urging you to 'secure' it through a link that leads to a fake login page built to steal your password.

Example message pattern

Example pattern — not a real report
Example pattern: 'Security Alert: A new sign-in to your account was detected from a device in another city. If this was not you, secure your account now: [unfamiliar link]'

This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.

Red flags to watch for

  • An urgent warning that a stranger has accessed your account
  • A link to 'secure' or 'verify' rather than the official site you normally use
  • Wording designed to make you panic and act immediately
  • The login page asks for your password again right after you click
  • Small differences in the sender address or web address compared with the real service

What to do

  • Do not click the link in the message
  • Open the genuine app or website by typing the address yourself and review login activity
  • Change your password from within the real account if anything looks wrong
  • Turn on two-factor authentication and report the message as phishing

If you already clicked or replied

  • Do not enter your password or any codes on the linked page
  • Go to the real service and change your password immediately
  • Sign out all devices through the account's security settings if that option exists
  • Check whether the same password is used elsewhere and update those accounts too

What not to do

  • Do not enter your password on a page reached through the link
  • Do not share two-factor codes with anyone
  • Do not assume the message is real just because it looks branded

Similar scams

High risk Text Message

Two-Factor Code Text Scam

In this scam a fraudster triggers a genuine two-factor or one-time code to your phone, then poses as support staff or a contact to pressure you into reading it back so they can take over your account.
High risk Social Media

Facebook Account Recovery Scam

This scam uses a hacked friend's account to ask you to be a 'recovery contact' or share a code, which actually hands your own account to the scammer.
High risk Email

Microsoft Account Email Scam

This scam sends a fake Microsoft or Outlook email about an unusual sign-in or an account about to be closed, linking to a fake Microsoft login page that captures your email and password.

Frequently asked questions

How can I tell a real login alert from a fake one?
Genuine alerts let you check activity inside the app or website without needing a link. If a message pushes you to a login page through a link, treat it with caution and verify through the official site.
Why would a scammer warn me about a hacker?
The fake warning creates panic so you rush to 'secure' the account, which leads you to a fake login page where your password is captured. The supposed threat is the bait.
I entered my password before realising. What now?
Change that password straight away through the real service, sign out other devices, and update any other accounts using the same password. Turning on two-factor authentication adds protection.
Does two-factor authentication stop this scam?
It adds a strong layer of protection, but never share the codes. Some scams also try to trick you into handing over the code, so only enter it on the official site you opened yourself.

Last reviewed: June 2026

Disclaimer: This page provides educational information only to help you recognise common scam patterns. It is not legal, financial, cybersecurity, or law enforcement advice, and it does not confirm whether any specific message, company, or person is genuine or fraudulent. When in doubt, contact the official organisation directly and report concerns to your local authorities.