Remove “Sign-in Attempt Was Blocked” email

The “Sign-in Attempt Was Blocked” email is a phishing email that aims to steal users’ email login credentials. The email falsely claims that someone tried to use the recipient’s password to sign in to their account but the attempt was blocked. The email recommends that the recipient check the account’s activity to see what happened. To do that, it provides a “Check Activity” button, which would lead users to a phishing site. Users who type in their email login credentials on this site may lose access to their email accounts as the credentials would be stolen.

 

 

The “Sign-in Attempt Was Blocked” email is a rather basic and generic phishing attempt. Most users familiar with phishing can recognize it quickly. The message alerts recipients that their email accounts might have been accessed by an unauthorized individual and urges them to review their account activity for any harmful actions. It includes a “Check Activity” button that recipients are prompted to click.

The full text from the “Sign-in Attempt Was Blocked” phishing email is below:

Subject: Critical security alert

Sign-in attempt was blocked

–

Someone just used your password to try to sign in to your account.

– blocked them, but you should check what happened.

CHECK ACTIVITY

You can also see security activity at

–

You received this email to let you know about important changes to your – Account and services.

© 2025 – LLC

When users click the “Check Activity” button, they are directed to a website designed to mimic a legitimate email service provider. Once there, a pop-up message prompts them to log in to their accounts. If users type in their passwords, that information is immediately sent to the cybercriminals behind the phishing campaign. These malicious actors may either misuse the stolen credentials or sell them to other malicious actors. Email login details are particularly valuable to criminals, as they often contain sensitive information and can be linked to multiple accounts. Gaining unauthorized access to an email account allows cybercriminals to access various other accounts.

How do you recognize phishing emails?

Phishing attacks that target a large number of users with the same email are often straightforward and not difficult to identify, as they usually appear very unprofessional. These generic spam emails typically lack credible information and are riddled with all kinds of mistakes. However, phishing emails targeting high-profile people or organizations are more sophisticated, making them harder to identify. Fortunately, the majority of users primarily encounter generic phishing emails.

When you receive an unsolicited email asking you to click a link or open an attachment, verify the sender’s email address before you do anything. You can do this by searching the email address online to see if it genuinely belongs to the person or organization it claims to represent. While some malicious addresses may appear suspicious, scammers often use tricks to disguise their email, like replacing letters or adding extra characters.

Look out for grammar and spelling mistakes, as these can indicate a malicious email. Phishing emails frequently contain numerous mistakes. For instance, even this “Sign-in Attempt Was Blocked” has plenty of mistakes. Legitimate emails, particularly from reputable service providers, will never have mistakes.

Take your time inspecting emails before doing anything, especially when asked to click links or open attachments. What’s more, it’s best to avoid clicking on links in emails altogether. If you get a message indicating a problem with your account, manually log in to the account by typing the URL into your browser instead of clicking on any provided links. In this particular case, you don’t need to click on any links to check your email account’s activity as that can be done from your account.

“Sign-in Attempt Was Blocked” phishing email removal

Simply delete “Sign-in Attempt Was Blocked” email from your inbox if you get it. If you’ve already opened the email and entered your login credentials, be sure to change your password right away, assuming you still have access to your account. It’s also wise to review your account activity for any signs of unauthorized access.

If you can’t access your email anymore, reach out to your email service provider for help recovering it. Additionally, make sure to unlink your email from any other accounts to prevent the risk of those accounts being compromised as well.