New Device Alert on Your Exchange Account: What to Check First

Summary box

- A new-device alert is a reason to verify, not proof of a full takeover.

- Do not use links, QR codes, or phone numbers inside the alert message.

- Open the exchange only through a trusted route you control.

- If you still have access, review recent activity, sessions, and security settings.

- If you suspect your device is compromised, switch to a known-clean device before changing passwords or ending sessions.

A “new device” or “new login” alert should be treated as a warning sign, not as proof that your exchange account has been fully compromised. The safest first move is to avoid interacting with the message itself. Instead, reach the exchange through a trusted route you control and check the account from there if you still have access. Public cyber-safety guidance consistently warns that phishing messages often imitate urgent account-security alerts.

A suspicious alert can have more than one explanation. It may reflect a real access event, a security warning that still needs context, or a phishing attempt designed to send you to a fake login page. The practical point is the same in each case: verify first, then escalate based on what you can confirm.

In general terms, these alerts mean an account access event looked unusual enough for the platform to flag it. What they do not tell you on their own is how serious the situation is, whether funds moved, or whether every account control has been lost. Because the available sources here support broad cyber-safety guidance rather than exchange-specific product definitions, the safest public conclusion is simply that an unexpected access alert deserves independent verification.

Cyber authorities regularly warn users not to rely on links, attachments, or contact details supplied in unexpected security messages. That matters because scammers often use urgency, impersonation, and polished branding to pressure people into logging in on fake pages or contacting impostors. Verifying through a trusted website, bookmark, or official app reduces that risk whether the original alert was real or fake.

A single message is less informative than a pattern of changes you did not make. Concern rises if the alert appears alongside unfamiliar account activity, changed recovery details, lost access to your normal authentication method, or requests for credentials, wallet recovery data, or remote access. Those are stronger warning signs than the alert wording alone.

Even if balances look unchanged, that does not rule out phishing, attempted access, or changes that prepare for later abuse. A quick visual check is useful, but it is not a complete security review. What matters more is whether you can confirm recent actions, sessions, and security details from a trusted path.

Date checked: March 2025. The source pack for this article supports general cyber-safety guidance, not current exchange-by-exchange feature details. Readers should confirm any platform-specific menu names, session tools, or support steps directly with their own exchange before acting.

1. Stop interacting with the alert message.
2. Do not click links, scan QR codes, open attachments, or call numbers shown in the alert.
3. Open the exchange only through a bookmark, manually typed address, or official app you already trust.
4. If you suspect your phone or computer may be compromised, move to a known-clean device before changing passwords or ending sessions.
5. Check recent account activity, login history, or active sessions if those tools are available.
6. Review whether your password, second-factor method, and recovery details still appear to belong to you.
7. Look for actions you do not recognize, including trades, withdrawal attempts, or other account changes.
8. Use only the exchange’s official support channel if you lose access or spot unexplained changes.

If you still control the account, look for events you cannot explain, such as unfamiliar access times, sessions, or repeated login attempts. You are not trying to solve the whole incident immediately. You are checking whether the account record supports the possibility that someone else interacted with it.

Review the settings that matter most for account control: whether you can still sign in through a trusted route, whether your second-factor method still belongs to you, and whether recovery options appear unchanged. If those details no longer match what you set, that is a stronger reason to escalate quickly through official support.

Look beyond the current balance. If visible, review recent actions for anything you did not authorize. Document unexplained activity before making further changes where practical. That can help when you contact official support.

Reality: It is a serious warning to verify quickly, but the alert alone does not prove the full scope of what happened.

Reality: Public cyber guidance warns that phishing messages often imitate trusted brands and security notices. Appearance alone is not enough.

Reality: Unusual access, phishing, or security-setting changes can happen before visible asset movement.

A real device change can trigger a genuine alert, but that does not make the message safe to click. The safer response is still to log in through a trusted route and confirm there are no unfamiliar sessions or actions.

If the alert is followed by sign-in problems or changed authentication details, treat the situation as higher risk. Focus on containment and official support rather than on interpreting the original message.

That can still be a phishing attempt. Independent verification matters more than the design of the message. If you avoided logging in through the alert, you may have prevented a worse outcome.

• Clicking the alert before verifying where it came from.
• Using a search ad, social media reply, or direct message as “support.”
• Changing security settings from a device you suspect may be compromised.
• Sharing passwords, one-time codes, wallet seed phrases, or remote access with anyone.
• Assuming one alert proves either total compromise or no problem at all.

Use official exchange support promptly if you cannot access the account, if recovery or authentication details appear changed, or if you see actions you did not authorize. Use contact routes published by the exchange itself, not details supplied inside the alert message. For broader safety guidance on crypto account risks, see our exchange-safety coverage hub.

Yes. Public cyber guidance warns that convincing branding is commonly used in phishing. Verify independently.

If you still control the account, changing the password can be a reasonable containment step. But if you suspect the device itself is unsafe, move to a known-clean device first.

No. Extra authentication can reduce some risks, but it does not remove phishing or every account-security threat.

No. You should be cautious about anyone claiming certain recovery, guaranteed refunds, or assured tracing outcomes. The safer approach is fast verification, evidence preservation, and official escalation.

• CERT Polska
• NASK
• Gov.pl: cyberbezpieczeństwo