Threat · Scams & fraud

Fake Klarna / Afterpay / Affirm / Zip / Sezzle Buy-Now-Pay-Later suspension lure — "account suspended / missed payment / forwarded to collection, verify bank details within 24 hours" targeting 360M+ Klarna + 24M+ Afterpay NA + 17M+ Affirm users; bank-routing + SSN-last-4 + debit-card harvest enables ACH drain + identity fraud for new BNPL accounts

fake-bnpl-account-suspension-lure

What this tier means

High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.

How Gorganizer detects this

This signal targets fake "your Klarna / Afterpay / Affirm / Zip / Sezzle / PayPal Pay in 4 / Shop Pay Installments Buy-Now-Pay-Later account has been suspended due to a missed payment — verify your bank details within 24 hours or face collection action" emails sent to BNPL users. With 360M+ Klarna users, 24M+ Afterpay users in North America, and 17M+ Affirm users, BNPL is one of the fastest-growing consumer credit segments of 2024-2026.

BNPL users skew younger and less credit-savvy, and the "collection threat" framing exploits real anxiety: a missed BNPL payment IS a real event, and platforms DO send genuine missed-payment emails regularly, so attackers can mimic the exact template.

The lure harvests full bank-routing details + SSN-last-4 + linked debit card. Post-compromise, attackers: (1) drain the linked bank account via ACH; (2) open additional BNPL accounts under the stolen identity to burn on quick-resale goods; (3) sell the full KYC bundle on dark markets.

The signal fires when the body references Klarna / Afterpay / Affirm / Zip / Sezzle / Quadpay / PayPal Pay in 4 / Shop Pay Installments / BNPL / installment plan / split pay AND contains suspension / missed-payment / collection-action / verify-bank-details / payment-failed urgency. It excludes klarna.com + regional variants, afterpay.com + regional variants, affirm.com, zip.co, quadpay.com, sezzle.com, paypal.com, and shop.app. It is auto-classified as danger via the `-lure` suffix.
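The firing condition described above, sketched as an added example (not Gorganizer's own code). The term and domain lists come from this page; the regex phrasings, the function names, and the reading of the exclusion list as a check on an already-authenticated sender domain are assumptions.

```python
import re

# Brand and product terms listed on the page. Bare words such as "zip" or
# "affirm" are noisy, so a hit is one score contribution, not a verdict.
BRAND_RE = re.compile(
    r"\b(?:klarna|afterpay|affirm|zip|sezzle|quadpay|paypal pay in 4|"
    r"shop pay installments|bnpl|buy[- ]now[- ]pay[- ]later|"
    r"installment plan|split pay)\b", re.I)

# Urgency themes listed on the page; the exact phrasings are assumptions.
URGENCY_RE = re.compile(
    r"\b(?:suspend(?:ed|sion)|missed[- ]payment|collections?|"
    r"verify (?:your )?bank details|payment[- ]failed)\b", re.I)

# Base domains the page excludes (regional variants are not enumerated there).
OFFICIAL = ("klarna.com", "afterpay.com", "affirm.com", "zip.co",
            "quadpay.com", "sezzle.com", "paypal.com", "shop.app")

def sender_domain(from_header):
    """Return the lower-cased domain of a From header value."""
    return from_header.rsplit("@", 1)[-1].strip("> ").lower()

def is_official(domain):
    """Exact domain or true subdomain only; a substring test would let
    'klarna.com.account-check.example' pass as Klarna."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL)

def bnpl_lure_fires(from_header, body):
    """True when brand AND urgency appear and the sender is not excluded.
    Assumes the From domain was already authenticated (SPF/DKIM/DMARC)."""
    if is_official(sender_domain(from_header)):
        return False
    return bool(BRAND_RE.search(body) and URGENCY_RE.search(body))

# Constructed sample messages (not real mail).
LURE = ("Your Klarna account has been suspended due to a missed payment. "
        "Verify your bank details within 24 hours.")
SAMPLES = [
    ("Klarna <billing@klarna-support.example>", LURE),
    ("Klarna <no-reply@klarna.com>", LURE),
    ("Klarna <alerts@klarna.com.account-check.example>", LURE),
    ("Shop <news@shop.example>", "Split pay with Afterpay at checkout."),
    ("IT <it@corp.example>", "Your VPN account has been suspended."),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(bnpl_lure_fires(sender, body), sender)
```

The third sample is the case to watch: the official domain appears as a prefix of a lookalike host, so the exclusion has to match on the domain boundary.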

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
