Fake Carta / Pulley cap table and equity management subscription payment failed, cap table inaccessible, option exercises suspended, or stockholder data at risk phishing
fake-carta-pulley-cap-table-equity-billing-phish
What this tier means
High-confidence threat indicator — phishing, impersonation, BEC, or scam pattern. Strong contributor to the trash decision.
How Gorganizer detects this
Phishing emails impersonating Carta or Pulley that claim the cap table subscription payment has failed, the cap table is inaccessible, option exercises are suspended, equity data is at risk, or stockholder records are unavailable. They direct the recipient to update billing or restore access through a credential-harvesting portal. This is a distinct attack category targeting the equity and cap table management tools used by startups and their employees.

Key facts:

(1) Carta serves 40,000+ companies and 800,000+ employee shareholders ($3,000-30,000+/year depending on company size). Carta is the default cap table platform for VC-backed startups. When a company's Carta subscription lapses, the entire cap table is locked: founders, employees, and investors cannot view share counts, vesting schedules, or option grant details. This is particularly terrifying for employees whose stock options may be nearing vesting cliffs or whose recent option grants have not been exercised.

(2) The 'option exercises suspended' hook is uniquely high-stakes. Stock option exercise windows are time-limited (typically 90 days post-employment), and employees who have received option grants are acutely sensitive to any disruption that could affect their ability to exercise. A 'your option exercises are suspended due to billing failure' email to a startup finance admin creates immediate escalation pressure from every shareholder.

(3) Pulley serves 4,000+ startups ($1,500-8,000+/year) as an alternative cap table platform gaining traction among YC and Sequoia-backed companies. A 'your Pulley cap table subscription has failed, stockholder data inaccessible' email to a Series A startup CFO targets someone managing multiple investor relationships, option pools, and 409A valuations simultaneously.

(4) Cap table data is exceptionally sensitive. Access to Carta or Pulley gives attackers visibility into every shareholder's equity stake, the company's total shares outstanding and option pool, all outstanding option grants and exercise prices, and 409A valuation history. This is competitive intelligence that could inform hostile takeover bids, competitor hiring (knowing who holds vested options), or short-selling strategies.

(5) Carta's secondary market (Carta Liquidity) allows shareholders to sell private company shares. Compromised Carta credentials also give attackers access to active liquidity events and tender offers.

Warning signs: the sender is not carta.com or pulley.com. Genuine Carta billing is at app.carta.com/settings/billing; genuine Pulley billing is at pulley.com/settings.
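The warning signs above can be checked mechanically. The following is an added example, not Gorganizer's own code: it flags a message that names Carta or Pulley while its sender domain or link hosts fall outside carta.com/pulley.com, then lists which billing hooks it uses. The function names, the lure patterns and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

LEGIT = ("carta.com", "pulley.com")          # genuine domains named on the page
BRAND = re.compile(r"\b(carta|pulley)\b")
# Hooks from the description above; the pattern list is illustrative.
LURES = [r"payment (has )?failed", r"cap table .{0,40}inaccessible",
         r"option exercises?\s+(are\s+|is\s+)?suspended",
         r"stockholder (data|records)", r"update (your )?billing", r"restore access"]

def is_legit(host):
    """Exact domain or true subdomain; 'carta.com.billing.example' fails."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT)

def check(raw):
    """Warning signs in one single-part, plain-text RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    text = f"{display} {msg.get('Subject', '')} {body}".lower()
    if not BRAND.search(text):
        return []                             # no brand claim, nothing to compare
    findings = []
    sender_host = addr.rpartition("@")[2]
    if not is_legit(sender_host):
        findings.append(f"sender domain {sender_host!r} is not carta.com/pulley.com")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlparse(url).hostname
        if not is_legit(host):
            findings.append(f"link host {host!r} is outside carta.com/pulley.com")
    if findings:                              # lures only count alongside a mismatch
        findings += [f"lure: {p}" for p in LURES if re.search(p, text)]
    return findings

# Constructed sample messages (not real mail); .example hosts are placeholders.
PHISH = ('From: "Carta Billing" <billing@carta-billing.example>\n'
         "Subject: Payment failed: cap table inaccessible\n\n"
         "Your Carta subscription payment has failed and option exercises are\n"
         "suspended. Update billing: https://carta.com.billing.example/restore\n")
GENUINE = ("From: Carta <no-reply@carta.com>\n"
           "Subject: Your Carta invoice\n\n"
           "Manage billing at https://app.carta.com/settings/billing\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("GENUINE", GENUINE)):
        print(name, check(raw))
```

The From header can be forged, so a matching sender domain is only meaningful together with the message's SPF/DKIM/DMARC results.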
False-positive guard
Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a threat-tier signal — it adds a strong contribution to the trash score. The full pipeline still requires convergence across multiple modules + a margin over the safety floor before deletion happens, and Gmail's trash (30-day recovery) is always used — never permanent delete.
About the scoring engine
Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.
Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.