Fake Workday HCM and enterprise payroll platform subscription payment failed, tenant licenses suspended, payroll and workflows disabled, or Workday tenant access no longer active phishing

Phishing emails impersonating Workday claiming the HCM and enterprise payroll platform subscription payment has failed, tenant licenses are suspended, payroll and workflows are disabled, or Workday tenant access is no longer active — directing them to update billing or restore access through a credential-harvesting portal. A distinct attack category targeting the enterprise HCM platform used by Fortune 500 companies to run payroll, HR, financial management, and workforce planning — Workday tenant suspension simultaneously stops payroll processing for all employees, disables all HR workflows, freezes the financial management layer, and takes offline the workforce planning dashboards that senior leaders use for headcount decisions, creating both immediate payroll liability and executive-level disruption. Key facts: (1) Workday serves 10,000+ enterprise customers ($300,000-$5,000,000+/year) including Bank of America, Netflix, and Amazon as the dominant enterprise HCM and financial management platform for large employers — Workday's architecture runs a single named tenant per customer that contains the complete HRIS (every employee record, compensation history, performance review, and organizational hierarchy), the payroll engine (real-time payroll calculation for all employees in all countries), the financial management system (budget, procurement, expenses), and the workforce analytics layer; a tenant suspension takes all of these offline simultaneously; (2) The 'tenant licenses are no longer active, payroll disabled' hook creates the highest-urgency HCM suspension scenario: Workday payroll runs on defined cycles (weekly, bi-weekly, semi-monthly) with hard deadlines — if a payroll cycle is missed because the Workday tenant is suspended, employees do not receive their paychecks on the expected date; for a 50,000-employee company, a missed payroll run creates legal employment liability across every jurisdiction and immediate employee relations crisis; HR teams that receive a 'Workday tenant licenses no longer active' email on the Thursday before a Friday payroll run experience maximum urgency; (3) Workday HCM suspension affects every HR function simultaneously: the talent acquisition team loses access to the recruiting module (Workday Recruiting) and cannot process pending job offers or complete onboarding paperwork; the performance management cycle (Workday Performance) stops and all in-progress review workflows are inaccessible; employee self-service portals where employees access their pay stubs, update direct deposit, and manage benefits enrollment go offline; the HR operations team cannot process any employee lifecycle events (new hires, terminations, promotions, transfers) during the suspension period; (4) The 'Workday tenant' terminology is specifically plausible to enterprise HR and IT administrators: Workday uses 'tenant' as the standard term for a customer instance, and legitimate Workday administrative notifications use this terminology; IT administrators who receive Workday license renewal reminders and tenant health notifications recognize 'tenant licenses are no longer active' as the exact framing Workday would use for a license compliance issue; (5) Workday credentials expose the complete enterprise people and financial data architecture: every employee personal record including SSN, date of birth, home address, bank account numbers for direct deposit, salary and compensation history, performance ratings, and disciplinary records, the complete organizational hierarchy including confidential succession plans and compensation bands by level, all financial management data including budget allocations and procurement history, and the integration credentials connecting Workday to payroll processors, benefits administrators, and financial systems. Warning signs: sender not workday.com or myworkday.com; genuine Workday billing through direct customer success manager contact or workday.com/account.