Fake Gusto / BambooHR / Paychex US small business HR and payroll platform subscription payment failed, payroll will not be processed, or employee records and direct deposit suspended phishing — fraudulent email impersonating Gusto, BambooHR, or Paychex claiming the subscription payment has failed, payroll will not be processed and employees will not be paid, direct deposit is suspended, or employee records and HR workflows are no longer active — Gusto: 300K+ small businesses ($6-80/month + $4-12/employee), covers payroll + benefits + HR; BambooHR: 30K+ companies; Paychex: millions of SMB customers; distinct from Deel/Rippling global payroll phishing — targets US domestic SMB HR/payroll; payroll suspension is the highest-urgency billing failure hook possible — employees do not receive paychecks, creating immediate legal employment liability

Phishing emails impersonating Gusto, BambooHR, or Paychex claiming the US small business HR and payroll subscription payment has failed, payroll will not be processed and employees will not be paid, direct deposit is suspended, or employee records and HR workflows are no longer active — directing them to update billing or restore the payroll platform through a credential-harvesting portal. Distinct from Deel/Rippling global payroll phishing — targets US domestic SMB HR and payroll customers with different billing structures and urgency hooks. Key facts: (1) Payroll suspension creates the highest-urgency billing failure scenario: Gusto serves 300,000+ small businesses ($6-80/month base + $4-12/employee) running US payroll and benefits — when a Gusto account is suspended, the next scheduled payroll run will fail; employees do not receive paychecks on payday, creating immediate employment law violations (most US states require timely wage payment under state labor laws), possible wage theft complaints to the Department of Labor, and potential for employees to quit; for a business owner who relies entirely on Gusto to run payroll, a 'your payroll will not be processed' email triggers existential urgency to restore access before payday; (2) BambooHR suspension locks HR teams out of all employee records: BambooHR serves 30,000+ companies (mid-market pricing) as a centralized HR information system — when a BambooHR account is suspended, HR teams lose access to employee records, offer letters, performance reviews, PTO balances, and the time-off approval workflow; all new hire onboarding processes are halted; for companies in active hiring, a suspended BambooHR platform blocks offer letter generation and I-9 document tracking; (3) Paychex's tax filing integration creates compliance urgency: Paychex serves millions of SMB customers and handles not just payroll but also federal and state tax filings (941, 940, state withholding), W-2 generation, and benefits administration — a Paychex suspension email threatening that 'tax filings will not be processed' creates both payroll and tax compliance urgency simultaneously; missing a quarterly payroll tax deposit triggers IRS penalties starting at 2-15% of the unpaid amount; (4) HR platform credentials give attackers access to every employee's Social Security number, date of birth, home address, bank account routing numbers (for direct deposit), compensation history, and health insurance enrollment details — among the most complete personal identity packages available; (5) Business owners who receive these phishing emails are typically not security-trained and are conditioned to respond immediately to payroll warnings — a business owner who misses payroll faces personal employment liability. Warning signs: sender not gusto.com/bamboohr.com/paychex.com; genuine Gusto billing at app.gusto.com; payroll platforms do not send re-authentication requests via billing failure emails; check directly in the platform before clicking any billing link.