What to Do If You Receive 'Suspicious Sign-In Prevented' Message

Specialists encourage users to take certain security measures like setting strong passwords to secure their online accounts and turning on an extra security layer called two-factor authentication to prevent cyber attacks; however, their efforts do not bring a desirable effect – cyber attacks still happen and affect thousands of Internet users. It should be emphasized that hackers target both individual users and companies. The situation will not get any better in the near future. According to specialists, cyber criminals will cause damage worth of 6 trillion dollars by 2021. Luckily, more and more companies take responsibility for users' security. They try to prevent security and privacy-related problems from occurring in the first place. They not only educate consumers but also install security tools on their systems to recognize cyber attacks and prevent them from taking place before it is too late. Google is one of the first companies that have taken users' cyber security seriously.

What Google does to protect its customers

Google uses algorithms that monitor users' accounts activity and automatically inform them if suspicious activity is detected. To be more specific, these algorithms recognize when usernames and passwords are used in a suspicious way, for instance, there is an attempt to log into the account from an unusual location and/or device. In such a case, users receive the Suspicious Sign-In Prevented warning. It is sent to them in the form of the security message email. Usually, the security message is sent to users because an attempt to sign-in from a new location/device was detected, but users might get it if the device/application they try to log into is not supported by Google's high security standards as well. Have you received the security message via email too? Do not rush to take action and verify your identity. Before you do anything, make sure the Suspicious Sign-In Prevented security message email you have received is not another scam.

Do not fall for a scam email!

The fabricated Suspicious Sign-In Prevented message has been detected circulating in the wild by security researchers, so be careful and do not fall into the trap of cyber criminals. Phishing emails like the fake Suspicious Sign-In Prevented warning are disseminated by hackers who have the one and only purpose in their minds – to obtain users' login credentials. With their usernames and passwords in their hands, cyber criminals can easily access users' accounts and steal personal data from them. Later on, the stolen personal information might be sold on the black market or used for other malicious purposes. The possibilities are endless.

According to Kaspersky, Brazil, Argentina, Venezuela, Albania, and Bolivia are the Top 5 countries affected by phishing attacks. Without a doubt, it does not mean that Internet users located in other countries cannot receive the fabricated security message email one day. Unfortunately, it may be quite problematic to recognize these phishing emails at times. A study that analyzed phishing emails in 2017 confirmed the sad truth: 48.2% of phishing emails are opened by recipients. It seems that the situation is getting worse every year – there were only 30% Internet users who opened phishing emails back in 2016.

How do I recognize the fake security message email?

Fake email messages are made to look trustworthy to increase the likelihood of users falling for them, which explains why the number of users affected by phishing attacks does not stop growing. Speaking about the fake Suspicious Sign-In Prevented email message, there is a way to recognize it even though it contains a Google logo and does not look suspicious at all at first glance. First of all, Google will never ask you to send your username, password, or other identification information to them via email. Second, phishing emails usually contain links that lead to suspicious domains, so if you have been taken to a domain whose URL you cannot recognize, or the website simply looks buggy, you must leave it immediately. The chances are high that you have landed on a website set up to extract users' login credentials.

What do I do if I have received the Suspicious Sign-In Prevented security message email?

There is probably no need to repeat what the received security message email means, but we will do this anyway – it indicates that Google has detected suspicious activity. You should not ignore the email received because you might have a chance to prevent more serious problems from arising. Here is what you need to do right away:

  1. Access the My Activity page.
  2. Log into your account if asked.
  3. Review your recent activity.
  4. If you find anything suspicious, click Secure your account.
  5. Follow the steps to set a new Google Account password.

If you suspect that you have received a phishing email, take the following action:

  1. Log into Gmail.
  2. Open the message you have found suspicious.
  3. Click the arrow facing down in the top-right corner.
  4. Select Report Phishing.
  5. Click Report Phishing Message to send the message to Google specialists.

As you have probably already understood, specialists suggest changing the Google Account password in case the legitimate email from Google has been received, but it should be emphasized that setting a weak password will not improve the account's security at all. Let us explain to you what a strong password that can make your account immune to cyber attacks is.

What does a secure password look like?

First, it has no less than 14 characters, but it is always better to go up. Second, it consists of numbers, symbols, and letters (both lower and upper-case). Third, it does not contain any personal information like your address, your telephone number, or your birth date. Last but not least, your new password cannot consist of dictionary words, i.e. words that cyber criminals can guess easily. According to the infographic, 90% of all passwords created by users are vulnerable to hacking, so we recommend generating a secure password with a trusted password manager like Cyclonis Password Manager.

Do not ignore security email messages you receive, especially the Suspicious Sign-In Prevented email received from Google, but do not fall for them blindly. In other words, inspect the email message carefully before you take any action, e.g., click on the link it contains. Accounts get hacked very often these days, but you might prevent this from happening if you act immediately after receiving a legitimate security message. Do not ignore the importance of taking other security measures too. It is highly recommended to turn on two-factor authentication for all accounts supporting it.

August 16, 2018

One Comment

  • Marcus Coons:

    I helped when you mentioned how you can get false security alerts. It is important to know how to tell the difference between a real one and a fake. Personally, I would want to have an IT support team I can trust.

Leave a Reply