"Someone tried to log into your account" message

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
AS7911
Posts: 719
Joined: Wed Feb 07, 2018 12:55 pm

"Someone tried to log into your account" message

Post by AS7911 »

When i get a text with the subject content followed by " if this wasn't you, we recommend you change your password immediately..." My question is ...why? They don't know my password. Why change it? Seems like I get a message like that from 1 of 101 accounts I log into... about once a week.
Last edited by AS7911 on Thu Nov 28, 2024 4:11 pm, edited 1 time in total.
gavinsiu
Posts: 6619
Joined: Sun Nov 14, 2021 11:42 am

Re: "Someone tried to log into your account" message

Post by gavinsiu »

Just to be on the safe side, you could change the password. The other possibility is that if you use an aggregator like yodlee, it might result in a similar message.

Does it say where it login from?
mhalley
Posts: 10652
Joined: Tue Nov 20, 2007 5:02 am

Re: "Someone tried to log into your account" message

Post by mhalley »

Liability reasons. Maybe your pw is weak and since someone is trying to login they might eventually get it. So not only change the pw but make it stronger.
rkhusky
Posts: 20043
Joined: Thu Aug 18, 2011 8:09 pm

Re: "Someone tried to log into your account" message

Post by rkhusky »

All they guessed is the username.
User avatar
Boglenaut
Posts: 3591
Joined: Mon Mar 23, 2009 7:41 pm

Re: "Someone tried to log into your account" message

Post by Boglenaut »

rkhusky wrote: Thu Nov 28, 2024 7:47 pm All they guessed is the username.
Or more likely someone has a similar username and keeps making a typo. I had that happen to me once when I used too common sounding of a username.
"Orangutans are skeptical of changes in their cages"
MGBMartin
Posts: 1345
Joined: Thu Nov 04, 2021 11:09 am

Re: "Someone tried to log into your account" message

Post by MGBMartin »

Boglenaut wrote: Thu Nov 28, 2024 8:15 pm
rkhusky wrote: Thu Nov 28, 2024 7:47 pm All they guessed is the username.
Or more likely someone has a similar username and keeps making a typo. I had that happen to me once when I used too common sounding of a username.
Or the user name is the email address which half the world knows already.
Bad spellers of the world untie | Autocorrect is my worst enema
jimhend1
Posts: 40
Joined: Tue May 28, 2013 5:44 pm

Re: "Someone tried to log into your account" message

Post by jimhend1 »

In a similar vein I don't understand how I have received a 6 digit 2 factors code I did not request. Does that indicate they have my UID and PW to get a 2nd factor code?
User avatar
Boglenaut
Posts: 3591
Joined: Mon Mar 23, 2009 7:41 pm

Re: "Someone tried to log into your account" message

Post by Boglenaut »

jimhend1 wrote: Thu Nov 28, 2024 11:20 pm In a similar vein I don't understand how I have received a 6 digit 2 factors code I did not request. Does that indicate they have my UID and PW to get a 2nd factor code?
Possibly, but not necessarily.

I don't want to get into the details for security reasons, but if your phone number accidentally got associated with some random stranger's account they could be triggering them unknowingly. It happened to someone I know.
"Orangutans are skeptical of changes in their cages"
rkhusky
Posts: 20043
Joined: Thu Aug 18, 2011 8:09 pm

Re: "Someone tried to log into your account" message

Post by rkhusky »

Boglenaut wrote: Fri Nov 29, 2024 6:46 am
jimhend1 wrote: Thu Nov 28, 2024 11:20 pm In a similar vein I don't understand how I have received a 6 digit 2 factors code I did not request. Does that indicate they have my UID and PW to get a 2nd factor code?
Possibly, but not necessarily.

I don't want to get into the details for security reasons, but if your phone number accidentally got associated with some random stranger's account they could be triggering them unknowingly. It happened to someone I know.
+1
It’s easy to mistype a digit and get a valid number.
ccieemeritus
Posts: 827
Joined: Thu Mar 06, 2014 9:43 pm

Re: "Someone tried to log into your account" message

Post by ccieemeritus »

But don’t click the link in the email you received! The email itself might be a scam.

Type in the domain name of the website yourself. Then you can go through the change password procedure.

Use a password manager and have a different password on each site. If a hacker penetrates (for example) the Bogleheads web server, you don’t want them using that password at your other sites.
mkc
Moderator
Posts: 3649
Joined: Wed Apr 17, 2013 2:59 pm

Re: "Someone tried to log into your account" message

Post by mkc »

ccieemeritus wrote: Fri Nov 29, 2024 9:09 pm But don’t click the link in the email you received! The email itself might be a scam.

Type in the domain name of the website yourself. Then you can go through the change password procedure.
^ This ^

These texts could easily be phishing scams.
HooCares
Posts: 204
Joined: Sat Aug 03, 2024 3:26 pm

Re: "Someone tried to log into your account" message

Post by HooCares »

I would be more concerned that they know your password and failed 2FA. No big deal if you have unique passwords for every site, but if you use the same one everywhere you need to be concerned because not every site has 2FA enabled.
NYCaviator
Posts: 2891
Joined: Sat Apr 09, 2016 5:06 pm
Location: NYC

Re: "Someone tried to log into your account" message

Post by NYCaviator »

rkhusky wrote: Thu Nov 28, 2024 7:47 pm All they guessed is the username.
Or it’s a financial aggregator trying to log in. If OP has any accounts linked to other websites that would do it.

I’d still change passwords just to be safe.

I wonder if things like Schwab or Fidelitys security guarantee would be voided if someone gets such a message but doesn’t change their password.
lstone19
Posts: 2665
Joined: Fri Nov 03, 2017 3:33 pm
Location: Nevada

Re: "Someone tried to log into your account" message

Post by lstone19 »

AS7911 wrote: Thu Nov 28, 2024 3:36 pm When i get a text with the subject content followed by " if this wasn't you, we recommend you change your password immediately..." My question is ...why? They don't know my password. Why change it? Seems like I get a message like that from 1 of 101 accounts I log into... about once a week.
I completely agree. Nothing about it suggests a password compromise and it is well established now that forcing unneeded password changes makes things less secure (people more likely to record them in insecure locations). In this case, the password did its job. Changing the password will not improve the situation.

Imagine if the physical lock on your home could report "Someone tried to unlock your door with the wrong key. If this wasn't you, we recommend you have all your locks rekeyed immediately." Such as suggestion would be absurd.
Post Reply