Fake Tesla / Rivian / Lucid / Ford BlueCruise / GM OnStar / Mercedes Me / BMW ConnectedDrive / Audi connect / Volvo Cars / Polestar / NissanConnect / HondaLink / Toyota Connect / Hyundai BlueLink / Kia Connect connected-car account-takeover lure — "your connected-car account accessed by unauthorized device, verify within 24 hours or vehicle features suspended" targeting 30M+ global connected-car accounts (4M+ Tesla, 1M+ Rivian, 50K+ Lucid, millions of legacy-OEM accounts); account controls infotainment + Supercharger billing + remote unlock + summon/drive-away + phone-as-key + cabin-camera; post-compromise = physical vehicle theft via remote unlock, Supercharger billing drain, dark-market sale $500-5K per account, cabin-camera + GPS-history exfil for stalking / burglary-timing (Vice + Ars Technica 2023-2024 documented remote-summon attacks on compromised Tesla accounts)

Fake "your Tesla / Rivian / Lucid / Ford BlueCruise / GM OnStar / Mercedes Me / BMW ConnectedDrive / Audi connect / Volvo Cars / Polestar / NissanConnect / HondaLink / Toyota Connect / Hyundai BlueLink / Kia Connect connected-car account has been accessed by an unauthorized device — verify your account within 24 hours or your vehicle features will be suspended" email targeting connected-car owners. This is a novel 2024-2026 attack vector with massive blast radius — the connected-car account controls infotainment login, Supercharger billing (Tesla), remote unlock, summon / drive-away feature, phone-as-key enrollment, and cabin-camera access. One credential compromises the physical vehicle. Global connected-car-account surface is 30M+ (4M+ Tesla, 1M+ Rivian, 50K+ Lucid, plus millions of accounts across Ford BlueCruise, GM OnStar, Mercedes Me, BMW ConnectedDrive, Audi connect, Volvo Cars, Polestar, NissanConnect, HondaLink, Toyota Connect, Hyundai BlueLink, Kia Connect). Post-compromise: (1) attacker remotely unlocks the victim's car and drives it off in-person while the owner is asleep (Vice + Ars Technica documented multiple 2023-2024 remote-summon attacks on compromised Tesla accounts); (2) the Supercharger billing or equivalent drains the owner's stored credit card; (3) the account sells on dark markets for $500-$5,000 depending on vehicle value; (4) attacker extracts cabin-camera feeds and GPS location history which enable downstream stalking and burglary-timing. Fires when body references Tesla / Rivian / Lucid / OnStar / Ford Pass / BlueCruise / Mercedes Me / BMW ConnectedDrive / Audi connect / Volvo Cars / Polestar / NissanConnect / HondaLink / Toyota Connect / Hyundai BlueLink / Kia Connect / connected car / vehicle account / remote unlock account AND contains account-accessed / vehicle-features-suspended / remote-features-disabled / Supercharger-billing-suspended / verify-account / unauthorized-device / 24-hour urgency. Excludes tesla.com, teslamotors.com, rivian.com, lucidmotors.com, lucidusa.com, onstar.com, gm.com, ford.com, fordpass.com, mercedes-benz.com, mercedes-me.com, daimler.com, bmw.com, connecteddrive.com, audi.com, audiusa.com, volvocars.com, volvo.com, polestar.com, nissanusa.com, nissan.com, nissanconnect.com, honda.com, honda-eu.com, toyota.com, toyotausa.com, hyundaiusa.com, hyundai.com, kia.com. Auto-classified as danger via the `-lure` suffix.