Fake Databricks Lakehouse Platform subscription payment failed, workspace suspended, clusters paused, Unity Catalog access disabled, or MLflow experiments unavailable phishing

Phishing emails impersonating Databricks claiming the Lakehouse Platform subscription payment has failed, workspace is suspended, clusters are paused, Unity Catalog access is disabled, or MLflow experiments are unavailable — directing victims to update billing through a credential-harvesting portal. A distinct attack category targeting the unified data analytics and AI/ML platform used by data engineering and machine learning teams at thousands of enterprises: Databricks is the world's leading open lakehouse platform and the dominant managed platform for Apache Spark, Delta Lake, and MLflow. Key facts: (1) Databricks serves 10,000+ customers including more than 40% of the Fortune 500 (at $0.05-$0.55/DBU compute pricing that scales to $1,000,000+/year for large deployments) — Databricks' DBU (Databricks Unit) consumption-based billing model means organizations regularly interact with cost management and billing notifications, making a 'workspace suspended due to billing failure' email operationally familiar; (2) The workspace suspension hook creates a multi-team emergency: Databricks workspaces are shared across data engineering teams (building ETL pipelines with Delta Live Tables), data science teams (training ML models with MLflow), data analysts (running SQL Analytics queries), and platform engineers (managing Unity Catalog governance) — a single workspace suspension simultaneously stops production data pipelines, active model training jobs, and all SQL Analytics queries across every team; (3) Databricks Unity Catalog is increasingly the governance layer for the entire organizational data estate: Unity Catalog manages access controls, lineage tracking, and data discovery for both Databricks workloads and external query engines (BigQuery, Redshift, Athena via Delta Sharing) — a 'Unity Catalog access suspended' hook creates an organization-wide data governance emergency beyond just Databricks; (4) MLflow experiment suspension creates time-sensitive urgency for ML teams: active model training runs consume significant compute and may have been running for hours or days; a 'MLflow experiments suspended due to billing' email creates urgency that a data scientist might act on quickly to preserve in-progress training; (5) Databricks credentials expose the complete organizational AI/ML intellectual property: all MLflow experiments and registered model versions (including unreleased production models), all Delta Lake tables containing proprietary datasets used for model training, all Databricks notebooks containing data transformation logic and feature engineering code, and all cluster configurations and job schedules revealing the production pipeline architecture — a Databricks credential compromise grants access to the organization's complete AI development history and proprietary training data. Warning signs: sender not databricks.com; genuine Databricks billing at accounts.cloud.databricks.com.