Fake Calm or Headspace meditation app subscription suspended — Premium or Plus plan payment failed, sleep stories inaccessible, guided meditations blocked, mindfulness content no longer available due to billing failure phishing

Phishing emails impersonating Calm or Headspace claiming the Premium or Plus plan subscription has been suspended, sleep stories are no longer accessible, guided meditations are blocked, or Daily Calm/Daily Headspace sessions are unavailable due to a billing failure — directing victims to update payment through a credential-harvesting portal. A novel attack category covering wellness app subscription phish with no existing dedicated signal. Key facts: (1) Calm has 100M+ downloads with an estimated 4M+ premium subscribers at $14.99/month or $69.99/year — Calm Premium unlocks all sleep stories (including celebrity narrators like Matthew McConaughey and LeBron James), the full meditation library (500+ guided sessions), daily mindfulness exercises, and the 'Daily Calm' program; a 'Calm Premium expired, sleep stories no longer accessible' email is credibly alarming for subscribers who depend on Calm for sleep aid; (2) Headspace has 70M+ downloads with an estimated 2M+ subscribers at $12.99/month or $69.99/year — Headspace Plus unlocks the full guided meditation library (500+ sessions), sleepcasts, Focus music, and Headspace's clinical content backed by peer-reviewed research; both platforms send legitimate annual renewal emails that attackers mimic; (3) The wellness app attack is psychologically distinct from all other subscription phish: meditation app users are disproportionately high-anxiety individuals who use the app precisely to manage anxiety — receiving a 'your meditation access has been suspended' email is a form of meta-anxiety attack, using the content the user relies on for stress relief as the lure; this emotional specificity makes the phish unusually disorienting; (4) Calm and Headspace both integrate corporate wellness programs: Calm for Business (enterprise), Headspace for Work — B2B billing administrators receiving a 'Calm for Business subscription suspended' email face urgency on behalf of hundreds of employees enrolled in the program; (5) Annual subscription renewal is the primary attack surface: both Calm and Headspace offer annual plans at $69.99/year that auto-renew — a 'annual subscription payment has failed' email arriving near renewal time mimics the legitimate renewal notification format exactly, including the annual price and renewal date; (6) Calm and Headspace credentials expose behavioral health data: the apps track which meditations users complete, sleep patterns (Calm's Sleep Score), anxiety levels, and progress through multi-week programs — this behavioral data has privacy value, and account access may also expose Apple Health or Google Fit integrations that provide broader health data access. Warning signs: sender not calm.com or headspace.com; genuine Calm billing at calm.com/account; Headspace billing at headspace.com/my-account.