Fake PagerDuty / Opsgenie incident management and on-call scheduling subscription payment failed, licenses no longer active, on-call schedules disabled, or incident management access suspended phishing

Phishing emails impersonating PagerDuty or Opsgenie claiming the incident management and on-call scheduling subscription payment has failed, licenses are no longer active, on-call schedules are disabled, or incident management access is suspended — directing victims to update billing through a credential-harvesting portal. A distinct attack category targeting the incident response orchestration layer that connects every monitoring alert to the human who must respond: PagerDuty is the dominant enterprise incident management platform and Opsgenie (acquired by Atlassian) is the primary alternative integrated into the Jira/Atlassian ecosystem. Key facts: (1) PagerDuty serves 19,000+ customers ($19-$59/user/month Professional/Business/Digital Operations) including Amazon, Netflix, Slack, and 65% of the Fortune 500 as the platform that converts monitoring alerts into on-call notifications — a 'PagerDuty licenses no longer active' email implies that when the next production incident fires, no one gets paged; for engineering organizations with 24/7 on-call SLAs, losing PagerDuty is a critical operational gap that must be fixed immediately; (2) The on-call schedule suspension hook creates uniquely calibrated urgency: on-call schedules are the carefully maintained rotation that determines who gets paged at 3 AM; a 'schedules disabled' email arrives as a plausible operational emergency because on-call engineers know from direct experience that a missed page during an incident can mean minutes of undetected downtime; (3) Opsgenie serves 10,000+ teams as the Atlassian-native incident management platform deeply integrated with Jira Service Management, Confluence, and Jira Software — organizations that use Jira for project management, Confluence for runbooks, and Jira Service Management for IT help desk will have Opsgenie as their incident management platform; an 'Opsgenie on-call access suspended' email exploits the Atlassian trust relationship that these organizations have with their entire productivity suite; (4) PagerDuty and Opsgenie are deeply integrated into every monitoring and observability tool: Datadog, New Relic, Splunk, Prometheus/Alertmanager, CloudWatch, Azure Monitor, and PagerDuty all push alerts directly to on-call platforms — PagerDuty and Opsgenie credentials expose the complete incident response architecture: every escalation policy (who gets called when the first responder doesn't answer), all integration keys for every monitoring tool, runbook URLs embedded in alert definitions, and the historical incident data showing every production failure, its duration, and who responded. Warning signs: sender not pagerduty.com or opsgenie.com; genuine PagerDuty billing at app.pagerduty.com/account/billing.