Fake Mailchimp email marketing account suspended, audience disabled, campaign sending halted, or subscriber list inaccessible due to billing failure phishing

Phishing emails impersonating Mailchimp claiming the email marketing account has been suspended, the audience list is disabled, campaign sending has been halted, or subscriber access is inaccessible due to billing failure — directing victims to update billing through a credential-harvesting portal. A distinct attack category targeting the email marketing layer that businesses of all sizes depend on to reach their customer base: Mailchimp (now part of Intuit) is the world's dominant email marketing platform with 13+ million active users. Key facts: (1) Mailchimp serves 13+ million users worldwide (11 million of them free-tier, 2+ million paying at $13-$350/month Essentials-Premium, plus custom Enterprise) making it the most widely used email marketing platform across SMBs, nonprofits, and mid-market companies — a 'Mailchimp account suspended due to billing failure' email creates audience anxiety: businesses that have spent years building subscriber lists worry their entire marketing database is at risk; (2) The audience suspension hook exploits the asymmetry between list value and platform cost: a Mailchimp audience of 50,000 subscribers may have taken 3-5 years to build through content marketing, paid acquisition, and customer referrals; the monthly Mailchimp bill to reach that audience is a few hundred dollars; a 'your audience will be disabled' email creates a loss-aversion response where the perceived value of protecting the list far outweighs the cost of the phishing click; (3) Mailchimp's campaign scheduling creates time-sensitive urgency: businesses running scheduled campaigns — weekly newsletters, product launch announcements, Black Friday promotions — worry that a billing suspension will cause their scheduled sends to fail silently; a 'sending suspended' email arriving the day before a major campaign send creates extreme urgency; (4) Mailchimp's Intuit acquisition (2021) created ongoing confusion about billing changes: Mailchimp users have received multiple genuine billing notification emails about pricing changes, tier migrations, and Intuit account merges since the acquisition — this history of legitimate billing emails has conditioned users to expect and respond to Mailchimp billing notifications; (5) Mailchimp credentials expose the complete email marketing strategy: every subscriber with their engagement history (opens, clicks, unsubscribes), all audience segmentation logic revealing the company's customer categorization, all campaign templates and email creative revealing brand and messaging strategy, all automation workflows showing the complete customer journey, all A/B test results revealing conversion optimization insights, and Mailchimp API keys used in website integrations for sign-up forms and purchase-triggered emails. Warning signs: sender not mailchimp.com or intuit.com; genuine Mailchimp billing at mailchimp.com/account/billing; Mailchimp never requests passwords or card numbers via email.