Fake Notion / Coda workspace subscription payment failed, workspace and team pages inaccessible, or team wikis and databases suspended phishing

Phishing emails impersonating Notion or Coda claiming the workspace subscription payment has failed, the workspace and team pages are inaccessible, team wikis and databases are suspended, or workspace access will be locked — directing them to update billing or restore their workspace subscription through a credential-harvesting portal. Distinct from fake Notion workspace share credential phishing (which uses fake 'someone shared a page with you' notifications) — this targets Notion/Coda BILLING suspension with team knowledge-base access loss. Key facts: (1) Notion workspace suspension creates a company-wide knowledge base outage: Notion serves 30M+ users with $8-16/user/month Plus/Business plans and has become the central 'second brain' for startups, agencies, and distributed teams — when a Notion workspace subscription lapses, every team member simultaneously loses access to the team wiki, company handbook, project databases, meeting notes, product roadmaps, OKRs, and internal documentation; for teams that have replaced Google Docs, Confluence, and Asana with Notion, a workspace suspension is a multi-system outage in one; (2) Notion's database-as-workflow model creates cascading operational disruption: Notion databases are widely used as lightweight CRM tools, content calendars, hiring pipelines, and sprint trackers — a workspace suspension not only locks the documentation but also halts all database-backed workflows that teams use as operational systems; (3) Coda's 'doc as app' positioning creates enterprise-level billing lure: Coda serves 25,000+ paying teams ($10-30/user/month) and is positioned as a document-database hybrid that replaces spreadsheets and project tools — Coda workspace suspension locks all team automation packs, custom buttons, and cross-doc data connections that teams have built into operational workflows; (4) The 'team wikis will be suspended' hook is especially effective for engineering and product teams who have Notion as their primary engineering wiki, ADR (Architecture Decision Records) store, and onboarding documentation — losing access to the engineering wiki during an incident or onboarding sprint creates immediate urgency; (5) Notion and Coda credentials expose the entire company knowledge base (unreleased product plans, financial projections, hiring strategies, customer research), internal team communications (comments and mentions embedded in pages), and all integration API keys stored as database properties or page content. Warning signs: sender not notion.so/coda.io; genuine Notion billing at notion.so/billing; Coda billing at coda.io/account.