Fake Atlassian / Jira Software / Confluence subscription payment failed, projects locked, or wiki access suspended phishing — fraudulent email impersonating Atlassian claiming the recipient's Jira Software or Confluence subscription payment has failed, their Jira projects and sprint boards are locked, their Confluence wiki and team documentation are inaccessible, or an unauthorized charge was detected — distinct from workspace-share phishing; Atlassian: 200K+ enterprise customers with Jira (10M+ users) and Confluence (60M+ users); business-critical tool suspension ("your Jira projects will be locked in 48 hours") creates extreme team-level urgency threatening active sprints and release schedules

Phishing emails impersonating Atlassian, Jira, or Confluence claiming the recipient's subscription payment has failed, their Jira projects and sprint boards will be locked, or their Confluence wiki and team documentation are inaccessible — directing them to update billing or restore team access through a credential-harvesting portal. Key facts: (1) Jira Software project locking creates team-wide business disruption that is immediate and visible: Atlassian serves 200,000+ enterprise customers across Jira Software (10M+ users for issue tracking), Jira Service Management (3M+), and Confluence (60M+ users for team wikis); a Jira subscription suspension means the entire engineering team loses access to active sprint boards, open bugs, release blockers, and deployment tickets — making this a team-wide productivity crisis that an engineering manager must resolve immediately; 'your Jira Software subscription expires in 48 hours — all projects will be locked' targets the billing admin whose individual action prevents a team-level catastrophe; (2) Confluence wiki suspension creates knowledge-base access loss at scale: Confluence is used as the primary knowledge repository for engineering specs, product requirements, onboarding guides, and company-wide policy documents; losing Confluence access during an active product launch or critical incident means engineers cannot access the architecture documents, API specs, and runbooks they need for their work; (3) Atlassian's Cloud transition urgency adds lure plausibility: Atlassian completed a major migration from Server to Cloud, and many organizations are mid-transition with complex licensing arrangements; billing communications during this transition are expected, routine, and trusted — making 'your Atlassian Cloud subscription billing has failed' more believable than equivalent phishing for a stable product; (4) Atlassian accounts contain OAuth access to GitHub, Slack, PagerDuty, Salesforce, and hundreds of marketplace apps through Atlassian Connect; compromising an Atlassian admin credential provides attacker access to the integration ecosystem; (5) This signal is distinct from the existing fake-notion-airtable-workspace-share-phish, which exploits a document-sharing lure — this signal specifically targets billing failure urgency and subscription suspension. Warning signs: sender domain not atlassian.com, jira.com, or confluence.com; Atlassian billing appears only in admin.atlassian.com; any subscription crisis should be verified via direct login.