Fake GitHub Copilot / JetBrains All Products Pack developer tool subscription payment failed, license expired, or IDE switching to read-only mode phishing — fraudulent email impersonating GitHub or JetBrains claiming the recipient's Copilot Business subscription payment has failed, their JetBrains license has expired, or their IDEs (IntelliJ IDEA, PyCharm, WebStorm) will switch to read-only mode — directing them to sign in, renew, or update billing through a credential-harvesting portal; GitHub Copilot: 1.3M+ paid subscribers ($10-19/month; Business $19/seat); JetBrains: millions of paying subscribers ($249/year All Products Pack); developer tool phishing uniquely threatens professional output — "your IDE switches to read-only at midnight" creates extreme urgency; Copilot Business seat management makes team leads prime targets

Phishing emails impersonating GitHub or JetBrains claiming the recipient's GitHub Copilot subscription payment has failed, their JetBrains All Products Pack license has expired and their IDEs will switch to read-only mode, or an unauthorized charge was detected — directing them to sign in, renew, or update billing through a credential-harvesting portal. Key facts: (1) JetBrains license expiry creates an extreme-urgency lure that is nearly unique: unlike most subscription services, expired JetBrains IDE licenses cause the software to switch to a restricted read-only or evaluation mode — 'your IntelliJ IDEA and PyCharm licenses expire tonight and will switch to read-only mode' is an operationally catastrophic event for a software developer mid-project; developers cannot commit code, cannot edit files, cannot ship features with an expired license; the lure is uniquely credible because JetBrains licenses do legitimately have expiry dates and require renewal; (2) GitHub Copilot Business subscription management creates a team-level attack surface: GitHub Copilot Business (1.3M+ paid subscribers at $19/seat/month) is managed at the organization level, meaning a single compromised admin account can disable AI coding assistance for an entire engineering team; 'your GitHub Copilot Business subscription payment has failed and your team's AI coding access is suspended' reaches both individual developers ($10/month Individual) and the billing admins who manage team licenses; (3) Developer tool accounts contain premium attack targets beyond credentials: GitHub accounts linked to Copilot subscriptions contain SSH keys, personal access tokens, repository access permissions, CI/CD pipeline configurations, and GitHub Actions secrets — compromising a developer's GitHub account provides attackers with access to private source code, infrastructure-as-code files, and API keys stored in repositories; (4) JetBrains Toolbox manages licenses for IntelliJ IDEA Ultimate, PyCharm Professional, WebStorm, DataGrip, CLion, GoLand, Rider, and PhpStorm — teams using JetBrains All Products Pack ($249/year per user) face license expiry across all their IDEs simultaneously; the multi-tool exposure amplifies urgency; (5) Developer demographics make this attack particularly effective: software engineers earning $100K-$300K+ respond quickly to threats against productivity tools because billable hours, sprint commitments, and deployment deadlines make IDE downtime immediately consequential. Warning signs: sender domain not github.com or jetbrains.com; GitHub sends billing communications only from github.com; JetBrains license renewals appear in the JetBrains Toolbox app and account.jetbrains.com, never via unsolicited email.