Fake Medallia / Qualtrics CX and experience management platform subscription payment failed, platform licenses suspended, surveys and feedback programs disabled, or experience management access no longer active phishing

Phishing emails impersonating Medallia or Qualtrics claiming the experience management platform subscription payment has failed, platform licenses are suspended, surveys and feedback programs are disabled, or experience management access is no longer active — directing them to update billing or restore access through a credential-harvesting portal. A distinct attack category targeting the enterprise experience management platforms that CX, HR, market research, and product teams use to collect and act on structured feedback at scale — suspension simultaneously halts every active survey, closes every feedback channel, and disables every dashboard tracking NPS, CSAT, and employee engagement scores across the organization. Key facts: (1) Medallia serves 1,000+ enterprise customers ($200,000-$2,000,000+/year) including Mercedes-Benz, Delta Air Lines, and Marriott as the dominant enterprise CX and experience management platform built around real-time operational feedback — Medallia collects customer and employee signals across every touchpoint (post-transaction surveys, in-app feedback, customer support transcripts, social signals) and routes individual feedback records to frontline teams for immediate action through its role-based dashboard system; a Medallia license suspension disables all active survey programs, halts real-time feedback routing to operations teams, and prevents CX leaders from accessing the NPS and CSAT trend dashboards they use to track service quality; (2) The 'platform licenses are no longer active' hook carries concentrated urgency for enterprise CX teams: Medallia programs are typically running continuously across multiple touchpoints with hundreds of active respondents per day; a license suspension immediately creates a gap in the feedback record that cannot be retroactively filled — post-transaction surveys that should have captured feedback from thousands of customer interactions during the suspension period are permanently lost; companies with contractual NPS reporting obligations to board or investor audiences face a data gap that explains a sudden metric flatline; (3) Qualtrics serves 18,500+ customers ($1,500-$500,000+/year) including BMW, Spotify, and the U.S. federal government as the XM (experience management) platform covering customer experience, employee experience, product research, and brand research in a single unified platform — Qualtrics EX (employee experience) programs including annual engagement surveys, pulse surveys, and manager effectiveness surveys sit alongside CX programs in the same platform; a Qualtrics subscription suspension halts all active survey distributions, prevents respondents from completing surveys that are mid-way through their response window, closes all XM dashboards, and disables all automated action planning workflows; (4) The 'surveys and feedback programs disabled' hook is uniquely time-sensitive for research teams mid-fieldwork: Qualtrics surveys often have defined collection windows (an annual employee engagement survey with a 2-week response window, a customer satisfaction study with a 5-day fieldwork period) where suspension during active data collection creates permanent sample loss — every day the survey is inaccessible is a day of responses that cannot be recovered; (5) Medallia and Qualtrics credentials expose the complete enterprise feedback architecture: every active survey instrument including question wording and skip logic revealing proprietary research methodology, the complete respondent list for HR surveys including all employee names, roles, and demographic attributes, all CX program metrics including current NPS scores and the trend data against which executives judge performance, the text analytics models trained on customer verbatim feedback, and the integration tokens connecting to Salesforce (closed-loop ticketing), SAP (HR system of record), and Slack (real-time alert routing). Warning signs: sender not medallia.com or qualtrics.com; genuine Medallia billing at login.medallia.com/account/billing; Qualtrics billing at login.qualtrics.com/account/billing.