You get an email that says: “A new device logged into your account.” The email looks official — it has the right logo, the right colors, and a link to review the activity. You panic and click the link. The page asks for your password. You type it in. Then you realize the page was not your email provider’s website at all.
This is a common trick. Attackers send fake login alerts that look real, hoping you will click the link and enter your password. The email itself is the attack — not the login it claims to have detected.
Real login alerts vs. fake ones
Legitimate login alerts are real emails from services you use. They are sent when someone logs into your account from a new device or location. They are useful because they warn you about unauthorized access.
Fake login alerts are phishing emails designed to look like real alerts. They want you to click a link or enter your password on a fake page.
The difference is in the details, not the appearance.
How to check if a login alert is real
When you receive a login alert, do not click any links in the email. Instead:
- Check the sender’s email address. The display name can say anything. Look at the actual email address behind the display name. If the email claims to be from your email provider but comes from a random address, it is fake.
- Look for personalization. Real login alerts usually include your name or your account username. Fake ones often say “Dear User” or “Dear Customer.”
- Do not click the link. Instead, open your browser and go directly to the website yourself. Log in there and check your account’s security or activity page. If there really was a login from a new device, you will see it there.
- Check what the email asks for. Real login alerts do not ask you to enter your password by clicking a link. They inform you and suggest you take action — but the action is to log in through the official website, not through a link in the email.
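The sender, greeting, and link checks above can also be written as a small script. This is an added example, not part of the original guide: the domain names and both sample messages are constructed, and `KNOWN_DOMAINS` is an assumption you would fill in with the domains your own provider sends from.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains your real provider sends alerts from (you maintain this set).
KNOWN_DOMAINS = {"mail.example.com"}
GENERIC_GREETINGS = ("dear user", "dear customer")

# Constructed sample messages (single-part plain text), not real emails.
FAKE_ALERT = '''From: "Example Mail Security" <alerts@examp1e-mail-security.test>
Subject: A new device logged into your account

Dear User, review the activity: http://mail.example.com.login-review.test/verify
'''
REAL_ALERT = '''From: "Example Mail" <no-reply@mail.example.com>
Subject: New sign-in to your account

Hi jordan_k, details are at https://account.mail.example.com/security
'''

def is_known(host):
    """True only for a known domain or a true subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS)

def check_login_alert(raw_email):
    """Return one warning per failed check; an empty list means nothing was flagged."""
    msg = message_from_string(raw_email)
    display_name, address = parseaddr(msg.get("From", ""))
    body = msg.get_payload()  # a str here because the samples are not multipart
    warnings = []
    # Check 1: the address behind the display name, not the display name itself.
    if not is_known(address.rpartition("@")[2]):
        warnings.append(f"sender address {address!r} is not a known domain "
                        f"(display name: {display_name!r})")
    # Check 2: generic greeting instead of your name or username.
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        warnings.append("generic greeting")
    # Check 3: where each link really goes (lookalike hosts fail is_known).
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if not is_known(host):
            warnings.append(f"link goes to {host!r}")
    return warnings

if __name__ == "__main__":
    for name, raw in (("fake", FAKE_ALERT), ("real", REAL_ALERT)):
        print(name, check_login_alert(raw))
```

An empty result does not prove an email is genuine, because the From address can be forged; going to the website directly remains the reliable check.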
What to do if the login was real
If you check your account and see a login you do not recognize:
- Change your password immediately
- Log out of all devices if the service offers that option
- Enable two-factor authentication if you have not already
- Check whether the same password is used on other accounts — if so, change those too
A real unauthorized login is a serious sign that someone has your password. Act quickly.
What to do if the login alert was fake
If you receive a suspicious login alert and you have confirmed it is not from the real service:
- Do not click any links. Delete the email.
- If you already clicked a link but did not enter your password, you are probably fine. Close the page and do not go back.
- If you clicked a link and entered your password, change that password immediately. If you use the same password on other accounts, change those too. Check your account for any unusual activity.
Login alerts you initiated yourself
Sometimes you get a login alert because you actually did log in from a new device — maybe you got a new phone, used a different browser, or logged in from a friend’s computer. These alerts are working as intended.
When this happens, you do not need to do anything. The alert is just confirming that the login was you. If you want to be sure, check the time and location in the alert and confirm they match your actual login.
Managing login alerts across multiple accounts
If you have many accounts, you might receive login alerts regularly — especially if you use different devices or travel. A few tips:
- Do not ignore alerts. It is tempting to dismiss them as noise, but one of them might be real. Take two seconds to check the sender and the timing.
- Keep a list of your important accounts. If you know which services send you login alerts, you can quickly spot ones that do not belong. An alert from a service you do not use is almost certainly fake.
- Use a password manager. If each account has a unique password, a breach on one site does not compromise your other accounts. This limits the damage even if someone does get into one of your accounts.
Login alerts from services you do not use
If you receive a login alert from a service you have never signed up for, it is almost certainly a phishing email. Legitimate companies do not send login alerts to people who do not have accounts.
Delete the email. Do not click any links, do not reply, and do not try to “unsubscribe” — that just confirms your email address is active.