A strange IP, signing in at early morning hours when you usually don't, using a different browser, different OS, different language config, different browser plugins, running through all your email folders... THAT would be suspicious all together, most of them are not by themselves.

I understand that URB doesn't want to reveal all they do. It's the same way AV companies do not reveal how the develop all their signatures.

Everyone crying "you should reveal all your secrets, otherwise you're doing security through obscurity" do not get it. It's not secret because of security concerns, but for competitive advantage against other companies in the field. Why aren't we asking FireEye, Mandiant, CloudFlare, Incapsula or any of the other supercool security company what are they parameters for behavioural detection? Do we feel we have a superior moral stance against LogDog because we don't know them?

Well... I think most people would agree that does seem like the kind of anomaly that would justify an alert. Just because they don't have some kind of cutting-edge AI to detect hackers doesn't mean that the service is useless.