Fake HCP Terraform / HashiCorp Vault subscription payment failed, infrastructure automation and remote state suspended, or secrets management and dynamic credentials offline phishing — fraudulent email impersonating HashiCorp Terraform Cloud or HCP Vault claiming the subscription payment has failed, infrastructure workspace runs and remote state management are suspended, or Vault dynamic secrets and application credentials are no longer active — HCP Terraform Plus: $20/user/month; HCP Vault: $0.03-0.07/hr; infrastructure automation suspension blocks all deployment pipelines; Vault suspension takes all application secrets offline simultaneously
fake-hashicorp-terraform-cloud-infrastructure-billing-phish
What this tier means
High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.
How Gorganizer detects this
Phishing emails impersonating HashiCorp Terraform Cloud (HCP Terraform) or HCP Vault claim that the infrastructure subscription payment has failed, that workspace runs and remote state management are suspended, or that Vault dynamic secrets and application credentials are offline. They direct recipients to update billing or restore infrastructure access through a credential-harvesting portal.
Key facts:
(1) Terraform Cloud suspension blocks all infrastructure changes organization-wide: HashiCorp Terraform Cloud (now HCP Terraform, $20/user/month Plus) provides remote plan/apply execution and centralized remote state management for infrastructure-as-code workflows. When a Terraform Cloud subscription lapses, all workspace runs are blocked: engineering teams cannot provision new infrastructure, update existing resources, or tear down environments. CI/CD pipelines that trigger Terraform applies as part of deployment workflows fail, blocking software releases. Organizations that centralize state in Terraform Cloud also lose access to remote state, making any Terraform commands from local machines fail with state-lock errors.
(2) HashiCorp's IBM acquisition and BSL license change create heightened billing anxiety: HashiCorp's August 2023 license change from MPL to BSL and subsequent IBM acquisition in 2024 created significant community uncertainty about pricing and licensing. Many Terraform Cloud users are actively evaluating alternatives (OpenTofu, Pulumi) and are already anxious about billing terms, so phishing emails exploiting 'subscription terms have changed and require payment verification' are particularly credible in this context.
(3) HCP Vault suspension is catastrophically disruptive for application security: HashiCorp Vault (HCP Vault $0.03-0.07/hr active client) provides dynamic credentials, secret rotation, PKI certificate issuance, and encryption-as-a-service for applications. When Vault becomes unavailable, applications that retrieve database credentials dynamically fail to authenticate to their databases, services that use Vault-issued TLS certificates can no longer renew them, and any application using Vault's transit encryption cannot encrypt or decrypt data. A Vault suspension cascades into application-wide authentication and encryption failures across every service using it.
(4) Terraform state file access gives attackers unprecedented infrastructure knowledge: Terraform state files contain the complete description of provisioned infrastructure including resource IDs, IP addresses, database connection strings, and sometimes plain-text sensitive values. Compromised Terraform Cloud credentials expose the full infrastructure topology for targeted attacks.
(5) Pulumi, the Terraform alternative, serves a growing community of $20-80/month Team/Enterprise subscribers who are equally vulnerable to infrastructure automation billing urgency.
Warning signs: sender not hashicorp.com or app.terraform.io; HCP Terraform billing is managed at app.terraform.io/settings/billing, never via external email link.
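
The warning signs above, turned into a minimal check over a raw message. This is an added example, not Gorganizer's code: the function names, the lure wording in the regexes, and both sample messages are constructed for illustration, and only the two trusted domains come from this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Domains this page names as legitimate for the sender and for billing links.
TRUSTED = ("hashicorp.com", "app.terraform.io")
# Assumed lure wording, drawn from the themes described above (not a product rule set).
BRAND = re.compile(r"hcp terraform|terraform cloud|hcp vault|hashicorp", re.I)
LURE = re.compile(r"payment (has )?failed|suspended|update (your )?billing|"
                  r"payment verification|secrets? .*offline", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def trusted(host):
    """Exact or subdomain match only, so lookalike suffixes and prefixes fail."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()  # single-part plain text assumed
    text = f"{msg.get('Subject', '')}\n{body}"
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    link_hosts = [urlsplit(u).hostname for u in URL.findall(body)]
    f = {
        "brand_mentioned": bool(BRAND.search(text)),
        "billing_lure": bool(LURE.search(text)),
        "sender_untrusted": not trusted(sender_host),
        "external_link": any(not trusted(h) for h in link_hosts),
    }
    # Brand + billing urgency + at least one of the page's two warning signs.
    f["match"] = (f["brand_mentioned"] and f["billing_lure"]
                  and (f["sender_untrusted"] or f["external_link"]))
    return f

# Constructed samples (reserved .example domain for the lure).
PHISH = ("From: HCP Terraform Billing <billing@hcp-billing.example>\n"
         "Subject: Payment failed: workspace runs suspended\n\n"
         "Your HCP Terraform subscription payment has failed. Update billing: "
         "https://hcp-billing.example/settings/billing\n")
LEGIT = ("From: HashiCorp <no-reply@hashicorp.com>\n"
         "Subject: Your HCP Terraform invoice\n\n"
         "View your invoice at https://app.terraform.io/settings/billing\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, check(raw))
```

A match here is one signal among several, in line with the scoring described below; the From header alone is spoofable, which is why the link-host check is evaluated independently of the sender check.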
False-positive guard
Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.
About the scoring engine
Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.
Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.