Email Phishing Scams: “Unusual Activity on Your Account” may be a scam! Here’s how to tell

Websites across the internet are working diligently to make their site more secure and better protect your personal data. You’ll notice more annoying emails alerting you to a new sign in from a different device or a follow-up email every time you change your password, just in case that wasn’t actually you. They may be annoying but it’s nice to know they’re keeping tabs on these things, just in case.

Well, hackers are taking advantage of these niceties and knowing a few tricks can help prevent you from clicking on a phishing scam.

On occasion, I’ll get a “Your account has been compromised” email letting me know the site identified unusual activity. There will usually be instructions to follow a link to reset your password or account.

Now, this seems all great and handy dandy BUT it does not mean this is a legit email! It very well could be, but it could also be a scammer looking to get you to give them your information, instead of them stealing it. Whenever you receive this email, there are a couple of things you can quickly look at to determine if it looks “phishy” (pun intended) or not.

I’ll use two examples, one from Groupon and one from LinkedIn, to show you how to spot these Red Flags. Just last night, I received the below email from Groupon and today, my work issued a warning of a LinkedIn scam they received.

Example emails from LinkedIn and Groupon about Unusual Activity. One is a scam, the other is legit. Can you tell which one is which?

Sender’s Email Address

The first place to start is to look at the sender’s email address. If you’re using a phone, you can tap the sender’s name and the full address should open; in a browser, you can usually hover over the name and it will expand to show the full email address.

If, immediately, the email address looks weird, this is a Red Flag. When I say weird, I mean:

  • Has random letters and numbers
  • Does not have the company name anywhere (though having the company name does not make it okay either)
  • Looks more like a personal email than a professional email
  • Uses a generic @yahoo, @gmail, or @hotmail address (most companies will use a version of @companyname)

Sender Email Address Examples

If the email doesn’t raise suspicion, but you still want to make sure it’s legit, do a Google search. You can search “email@address scam” or “email@address real” and, if it is related to a scam, more than likely a few forums will come up identifying the email address as a scammer’s and not the company’s.

If a search result from the company site appears, like in my Groupon example below, check it out and make sure that the page is actually on the parent site and that it is identifying the email address as one of the company’s own. It is possible the site lists that email address as not legit, so do make sure to read the context.

I was able to find the sender’s email address on the Groupon website where it explicitly states this is a legit email and you need to add it to your address book.

Body of the Email

Next, look at the body of the email. Some things to look at:

  • Grammatical or spelling errors
  • Proper English
  • Style and Formatting
  • Font

If there are obvious grammatical/spelling issues, Red Flag. If the formatting is not professional or looks off, Red Flag. If multiple fonts are used where you wouldn’t expect a different font, Red Flag.


So, we’ve verified the Groupon email and the body looks legit, so it’s safe to say this was a real email, and I went ahead and reset my password.

Let’s look at the LinkedIn email a little closer though because this did end up being a phishing scam.


1. The Sender’s Email is from

Does not have “LinkedIn” anywhere in the email address and it does not look like a company email. Also, searching for it on Google came up with zero results so LinkedIn does not seem connected to it in any way.


2. The body is wordy, not professional, and has punctuation errors

“Unusual activities have been detected” is not usually how this would be worded. There is clearly punctuation missing throughout the body (particularly commas).


3. There is a mix of fonts used in the name LinkedIn

Mis-formatting the name of the company is a big no-no, so when a non-company-standard font is used in the company name, it is a big red flag.

You can see that in the name “LinkedIn”, the “In” is in Times New Roman while the rest is in another font. This is not a stylistic choice and would never be used by a company unless that is the company’s standard way to format its name (it is not in this case).


4. Information at the bottom is outdated

This email almost looks legit because of the text at the bottom, which you’d expect to see, except that it’s from 2015!! Definitely suspicious.

Here’s what LinkedIn has at the bottom of an email I received from them last week:

LinkedIn disclosure at bottom of email from April 2018

Notice it’s from 2018 and they’re not based in Ireland…


Final Conclusion: It’s a SCAM! 

Do not click the verification link and DO NOT ENTER ANY INFORMATION. You are literally handing over your account info to someone who will most likely abuse it.

With scams becoming more well known, scammers are becoming more creative. These emails are quite common so it is important to not rush to “verify” or “change” anything. Scammers use these types of emails because of the sense of urgency they give, hoping you won’t think and will just act.

Whenever on the internet or doing anything that sends information from your local computer “out anywhere”, always think before you act.

Hover over links and look at the bottom left-hand corner of the browser; it will show you where the link is taking you. Are you leaving the site you’re on? If so, probably don’t click on it unless you recognize the site.
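The sender-address checks and the hover-over-links check described in this post can also be run on a saved message. The Python below is an added example, not part of the original post; `company.example`, `mailer.example`, the sample message and the three-digit threshold for “random” addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}  # generic providers the post names

class LinkCollector(HTMLParser):
    """Collects every <a href>, i.e. what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def under(host, domain):
    """True only if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def red_flags(raw_email, company_domain):
    """Return the red flags from the post that apply to one raw message."""
    msg = message_from_string(raw_email)
    local, _, sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")
    flags = []
    if sender_domain in FREE_MAIL:
        flags.append("sender uses a generic mail provider")
    if not under(sender_domain, company_domain):
        flags.append("sender domain is not the company's: " + sender_domain)
    if sum(c.isdigit() for c in local) >= 3:  # assumed threshold, tune as needed
        flags.append("sender address has random letters and numbers")
    links = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            links.feed(part.get_payload(decode=True).decode(charset, "replace"))
    for href in links.hrefs:
        url = urlparse(href)
        if url.scheme in ("http", "https") and not under(url.hostname, company_domain):
            flags.append("link leaves the company's site: " + str(url.hostname))
    return flags

# Constructed sample message (not one of the emails shown in the post).
SAMPLE = """From: "Company Security" <acct7731x9@mailer.example>
Subject: Unusual activity on your account
Content-Type: text/html; charset="utf-8"

<p><a href="http://company.example.verify-login.example/reset">Verify now</a></p>
"""
```

Calling `red_flags(SAMPLE, "company.example")` reports the link even though its hostname begins with the company's name, because only the end of the hostname decides which site you land on.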

What things do you keep an eye out to see if an email is legit or not? Let me know!


Photo from IT Pro
