Threat: Phishing & impersonation

Fake Brex / Mercury / Ramp phishing: corporate banking account suspended, corporate cards frozen, or business payments halted

A fraudulent email impersonating Brex, Mercury, or Ramp claims that suspicious activity was detected, that the corporate banking account is suspended, or that corporate cards and business payments are frozen. This is distinct from Wise/Revolut (personal fintech) phishing. Brex: 20K+ companies ($0-50+/month); Mercury: 100K+ startups (business checking). For a startup, a corporate account suspension means being unable to pay employees, vendors, or contractors, or to run payroll, which is an existential business threat.

fake-brex-mercury-corporate-banking-account-phish

What this tier means

High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.

How Gorganizer detects this

Phishing emails impersonating Brex, Mercury, or Ramp claim that suspicious activity was detected on the corporate banking account, that corporate cards and business payments have been frozen, or that the business banking account has been suspended, and direct the recipient to verify identity or sign in through a credential-harvesting portal to restore access. Distinct from fake-wise-revolut-fintech-account-phish (personal/consumer fintech): this signal specifically targets startup and business corporate banking.

Key facts:

(1) Corporate banking account suspension is an existential threat to startup operations. Mercury serves 100K+ startups with business checking and savings accounts that hold the company's operating capital. When a Mercury account is frozen, the company cannot initiate ACH transfers, wire payments, payroll runs, or vendor payments; a suspended Mercury account during payroll week means employees may not receive their paychecks. 'your Mercury business account has been suspended and your payroll transfer has been frozen' is one of the most urgent business-impacting phishing scenarios possible, as it threatens the company's ability to pay its own team.

(2) Brex's corporate card and expense management integration creates compound urgency. Brex serves 20K+ companies, providing corporate credit cards with real-time spend controls, expense management, and bill pay integrated with the corporate banking account. A Brex account suspension freezes all corporate cards across the company simultaneously: every employee using a Brex card for SaaS subscriptions, vendor payments, travel, and operating expenses loses spending capability in an instant, and finance teams face urgent calls from employees whose corporate cards are declining.

(3) Ramp's AI-powered expense platform creates operational control urgency. Ramp ($0/month, earns interchange) provides corporate cards with AI-powered spend analytics, vendor management, and accounts payable automation. A Ramp account suspension not only freezes corporate cards but also disrupts the automated bill payment workflows managing the company's recurring vendor subscriptions.

(4) Corporate banking credentials are among the highest-value phishing targets. A compromised Mercury or Brex account gives attackers direct access to business bank account controls, including the ability to initiate wire transfers to attacker-controlled accounts. Corporate banking credential theft is the precursor to business email compromise wire fraud, the most financially devastating form of email-based fraud (FBI IC3 2024: BEC losses exceeded $3.08 billion, the largest category).

(5) Startup founders who manage corporate banking themselves are particularly vulnerable. Early-stage founders often personally manage Mercury or Brex accounts and make wire transfer decisions without corporate treasury controls; a convincing account-suspension notification received on a mobile device while traveling can trigger immediate credential entry.

Warning signs: the sender is not brex.com, mercury.com, or ramp.com; corporate banking platforms never request credentials via email; suspicious activity always appears in the official app first.
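The sender-domain warning sign above can be checked mechanically. The following is an added example, not Gorganizer's own code: the function names, the claim regex, and the two sample messages are constructed for illustration, and only the three official domains come from this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Official sender domains listed in the page's warning signs.
BRAND_DOMAINS = {"brex": "brex.com", "mercury": "mercury.com", "ramp": "ramp.com"}

# Assumed (constructed) wording for the suspended / frozen / halted lure.
CLAIM = re.compile(
    r"suspicious activity|\b(account|cards?|payments?|transfer)\b.{0,40}?"
    r"\b(suspended|frozen|halted)\b", re.I | re.S)

def on_official_domain(host, official):
    """Exact domain or a true subdomain; 'mercury.com.evil.example' fails."""
    host = host.lower().rstrip(".")
    return host == official or host.endswith("." + official)

def brand_mismatch(raw):
    """Return (brand, sender_domain) if the message makes the claim in a
    brand's name from a domain that is not the brand's, else None."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = " ".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/plain")
    text = " ".join([display, msg.get("Subject", ""), body])
    if not CLAIM.search(text):
        return None
    for brand, official in BRAND_DOMAINS.items():
        if re.search(rf"\b{brand}\b", text, re.I) and not on_official_domain(domain, official):
            return brand, domain
    return None

# Constructed sample messages (not real mail).
PHISH = ('From: "Mercury Security" <alerts@mercury.com.account-verify.example>\n'
         "Subject: Your Mercury business account has been suspended\n\n"
         "Your payroll transfer has been frozen. Sign in to restore access.\n")
LEGIT = ('From: "Brex" <notifications@mail.brex.com>\n'
         "Subject: Your corporate cards are frozen\n\n"
         "An admin froze cards for your team. Open the Brex app for details.\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, brand_mismatch(raw))
```

The From header is not authenticated, so a match on the official domain only means something alongside passing SPF/DKIM/DMARC results. "Mercury" and "ramp" are also ordinary words, which is one reason a hit like this should feed a score rather than decide on its own.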

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
