Fake Linear / Notion productivity workspace subscription payment failed, workspace members suspended, team pages disabled, or workspace access no longer active phishing

Phishing emails impersonating Linear or Notion claiming the productivity workspace subscription payment has failed, workspace members are suspended, team pages are disabled, or workspace access is no longer active — directing victims to update billing through a credential-harvesting portal. A distinct attack category targeting the modern startup and scale-up productivity stack: Linear is the dominant issue tracker for engineering-led companies prioritizing developer experience, and Notion is the dominant all-in-one workspace platform for team documentation, project management, and knowledge management. Key facts: (1) Linear serves 25,000+ companies including Vercel, Loom, Ramp, and Retool at $8/user/month (Standard) to $16/user/month (Plus) — Linear's product is deeply integrated into engineering workflows as the primary issue tracker for product-led growth companies; a 'Linear workspace members will be suspended' email targets engineering and product teams where Linear is the single source of truth for all active work; the 'members will be suspended' hook is effective because Linear's team-centric model means a billing failure suspends every team member's access simultaneously; (2) Notion serves 35+ million users (4+ million paying teams at $10/user/month Plus, $18/user/month Business) including product teams at practically every technology company — Notion serves as the company wiki, product requirements documents (PRDs), OKR tracking, hiring process documentation, and engineering runbooks for millions of teams; a 'Notion workspace access will be disabled' email is a company-wide knowledge access emergency; (3) Linear's GitHub and Figma integrations mean a Linear credential compromise exposes engineering context across tools: Linear API keys are used in GitHub Actions workflows to auto-create issues from CI failures, in Slack to create issues from customer feedback, and in Sentry to link issues to error tracking — a single Linear credential grants access to the complete product development context; (4) Notion's position as company wiki means Notion credentials expose the highest-sensitivity internal knowledge: employee handbook (salary bands, equity structures), investor updates, board materials, acquisition discussions, product roadmaps with unannounced features, and all customer-related strategic notes. Warning signs: sender not linear.app or notion.so; genuine Linear billing at linear.app/settings/billing; Notion billing at notion.so/pricing.