Skip to main content

Security Alerts in PyjamaHR: What They Are and How to Respond

Updated over 3 weeks ago

Executive Summary

PyjamaHR’s security alerts are proactive notifications designed to protect your account from unauthorized access and suspicious activity. With recent upgrades to SOC-2 compliance and advanced hijacking detection, these alerts help ensure your company’s data and candidate information remain secure. Understanding how these alerts work—and how to respond—will help you avoid disruptions and keep your hiring workflows running smoothly.

Detailed Overview

What Are Security Alerts in PyjamaHR?

Security alerts in PyjamaHR are automated warnings or account actions triggered when the system detects suspicious activity, such as:

  • Multiple logins from different devices, browsers, or locations

  • Simultaneous access using the same credentials

  • Account access from unusual or geographically distant locations

  • Use of VPNs or rapid location changes

  • Sharing of credentials among multiple users

Why do these alerts matter?
They are part of PyjamaHR’s SOC-2 compliant security framework, which includes active hijacking detection to prevent account takeovers, data breaches, and unauthorized access. When a security alert is triggered, your account may be temporarily frozen or blocked while the system investigates.

When and Why Are Security Alerts Triggered?

  • Multiple Devices or Browsers: Logging in from a laptop, then a mobile device, or using different browsers in quick succession.

  • Different Locations: Accessing your account from different cities or countries within a short time frame.

  • Credential Sharing: Multiple team members using the same login credentials.

  • VPN Usage: Logging in from IP addresses that change rapidly or appear in different regions.

  • Suspicious URLs or Company Info: Anti-spam AI filters flagging suspicious company websites or LinkedIn URLs during business verification.

Business Impact:
While these alerts may temporarily disrupt access, they are critical for protecting sensitive candidate and company data, maintaining compliance, and preventing fraud or account hijacking.

Integration with Other PyjamaHR Features

  • Team Member Management: Each user should have their own credentials. Use the “Invite Team Members” feature under Settings > Team to add users.

  • Business Verification: Anti-spam filters may trigger alerts if your company’s website or LinkedIn profile appears suspicious.

  • LinkedIn Integration: Security checks are also enforced during LinkedIn account verification and integration.

Step-by-Step Guide: How to Respond to a Security Alert

1. Understand the Alert

  • You may see a message such as:
    “Suspicious activity detected. Your account has been flagged for suspicious activity. For security reasons, access has been temporarily suspended. Please contact support to restore access.”

2. Do Not Attempt Multiple Logins

  • Avoid repeatedly trying to log in from different devices or browsers, as this can prolong the lockout.

3. Contact PyjamaHR Support

  • Use the in-app chat or email support.

  • Provide your registered email ID and a contact number.

  • Be ready to confirm recent login activity (devices, locations, VPN usage).

4. Verify Your Identity

  • Support may request a quick call or Zoom meeting to verify your identity and discuss the activity.

  • In some cases, you may be asked to provide business verification documents (company website, LinkedIn URL, registration docs).

5. Follow Support Instructions

  • Support will manually review and, if appropriate, restore your access.

  • You may be asked to:

  • Change your password immediately.

  • Stop sharing credentials.

  • Invite additional users via Settings > Team Members.

  • Avoid simultaneous logins from multiple devices.

6. Restore Access

  • Once cleared, perform a hard refresh or open PyjamaHR in an incognito window.

  • Log in with your credentials.

7. Prevent Future Alerts

  • Use only your assigned credentials.

  • Log out from other devices before logging in elsewhere.

  • Avoid using VPNs that rapidly change your IP/location.

  • Ensure all team members have their own accounts.

Screenshots to include:
- Example of a security alert message
- Settings > Team Members (inviting users)
- Password reset screen

Advanced Usage & Best Practices

Power User Tips

  • Device Registration: If you regularly use multiple devices (e.g., office desktop, home laptop, mobile), inform support so they can note this on your account.

  • Traveling: If you plan to travel or work remotely from a new location, notify support in advance to avoid false positives.

  • VPN Use: Use a consistent VPN endpoint if remote work is required, or avoid VPNs that change your location frequently.

Optimization Strategies

  • Team Access: Always invite team members as separate users. Go to Settings > Team > Invite Team Member.

  • Password Hygiene: Change your password after any security alert or if you suspect compromise.

  • Business Verification: Keep your company website and LinkedIn profile up to date and professional to avoid anti-spam flags.

Do’s and Don’ts

Do:
- Use your own login credentials only.
- Log out from all devices before switching.
- Contact support promptly if flagged.

Don’t:
- Share your credentials with colleagues.
- Log in on multiple devices simultaneously.
- Ignore security alerts or repeatedly attempt to log in after being flagged.

Troubleshooting & Common Issues

Common Error Messages

  • “Suspicious activity detected. Your account has been flagged…”

  • Cause: Multiple logins, location changes, or credential sharing.

  • Solution: Contact support, verify identity, reset password.

  • “Account blocked due to suspicious website or LinkedIn URL.”

  • Cause: Anti-spam AI flagged your company info.

  • Solution: Provide valid business documents and URLs to support.

  • “Not able to login after access restored.”

  • Solution: Perform a hard refresh (Ctrl+F5), clear browser cache, or use incognito mode.

What If Scenarios

  • What if I need to use multiple devices?

  • Inform support and use only one device at a time. Do not log in simultaneously.

  • What if my account is blocked during urgent work?

  • Contact support with your registered email and phone number for priority handling.

  • What if I’m traveling or working remotely?

  • Notify support in advance to avoid being flagged for location changes.

  • What if I shared credentials by mistake?

  • Change your password immediately and invite the other user as a team member.

  • What if my business verification is repeatedly flagged?

  • Ensure your LinkedIn and website are complete, professional, and match your business registration documents.

Comprehensive FAQ

1. Why was my account flagged for multiple logins?
PyjamaHR detected logins from different devices, browsers, or locations, which can indicate credential sharing or unauthorized access.

2. Can I log in from both my laptop and mobile?
Yes, but not simultaneously. Always log out from one device before logging in on another.

3. What if I use a VPN?
Frequent changes in IP/location due to VPNs can trigger security alerts. Use a consistent endpoint or avoid VPNs when possible.

4. Can my team share one login?
No. Each user must have their own credentials. Sharing is against SOC-2 compliance and will trigger alerts.

5. How do I add more users?
Go to Settings > Team Members > Invite Team Member.

6. I changed my WiFi/location and got flagged. Why?
A sudden location change can look suspicious. Notify support if you expect to work from multiple locations.

7. How long does it take to restore access?
Most cases are resolved within minutes to a few hours after verification.

8. Why do I need to provide business documents?
To verify your company’s legitimacy if anti-spam filters flag your website or LinkedIn.

9. What if my account is repeatedly blocked?
Review your login practices, avoid sharing credentials, and contact support for a review.

10. Can I see a history of my logins?
No, PyjamaHR does not provide historical login data to users due to data volume and privacy.

11. What if my new hire can’t get their invite?
Check spam folders, resend the invite, or contact support if issues persist.

12. What if I need to change my registered email?
Add the new email as a super admin, then remove the old one.

Related Features & Next Steps

  • Team Member Management:
    Inviting Team Members

  • Password Reset:
    Use the “Forgot Password” link on the login page.

  • Business Verification:
    Keep your company website and LinkedIn profile up to date.

  • LinkedIn Integration:
    LinkedIn Integration Guide

Recommended Next Steps:
- Review your team’s access and invite all users individually.
- Update your password and security practices.
- Bookmark this article for future reference.

Still have questions?
Contact PyjamaHR support via in-app chat or email for personalized assistance.

Related Articles:
- Inviting Team Members
- Understanding Access Types
- LinkedIn Integration
- How to Reset Your Password

By following these guidelines, you can ensure uninterrupted access to PyjamaHR while keeping your data and your candidates’ information secure.

Did this answer your question?