VPNs are pretty mainstream these days. If you talk to anyone working on anti-abuse you'd find the answer to most "Why don't you just.." ideas is because it'd impact many orders of magnitude more legitimate users than victims.

I turn on my company VPN and the next minute my network connections come from their HQ halfway across the world.

If I leave my desktop logged into my account in LA—or it even has some form of autologin enabled and it reboots and auto-logs-in—but I log in from my phone in DC three seconds later, that doesn't mean I traveled from LA to DC in three seconds.

well... it might be normal, if you're on VPN and traveling and what not.

The key, imo, is 'normal'. A new account has no activity, but an account that has, say, 3 years of only ever logging in from IPs located in, say, Detroit area suddenly has logins from Europe and attempts to change email/pass/etc while activity is still coming from Detroit - that's an anomaly. But until there's historical data to compare against, you can't really know. And... unless you've got a lot of computing power to check for that all the time (or outsource that sort of stuff), you probably can't detect that.