Fake Miro / Figma design and collaboration tool subscription payment failed, workspace licenses no longer active, team access suspended, or design file access disabled phishing

Phishing emails impersonating Miro or Figma claiming the design and collaboration tool subscription payment has failed, workspace licenses are no longer active, team access is suspended, or design file access is disabled — directing victims to update billing through a credential-harvesting portal. A distinct attack category targeting the design and product collaboration layer used by every product team: Miro is the dominant online whiteboard and visual collaboration platform, and Figma is the dominant UI/UX design tool for product teams worldwide. Key facts: (1) Miro serves 60+ million users (250,000+ paying organizations at $8-16/user/month) as the collaborative whiteboard platform where product teams run sprint planning, user journey mapping, mind mapping, and design thinking workshops — a 'Miro workspace licenses no longer active' email implies that every active whiteboard and collaborative session is simultaneously inaccessible; (2) Figma serves 4+ million paying users (at $12-45/user/month for Professional/Organization/Enterprise) and is used by product and design teams at virtually every technology company — Figma's 'team access suspended' hook is uniquely credible because Figma genuinely bills per editor seat and regularly sends license management reminders; (3) The design file access hook creates cross-team urgency: Figma design files are shared with engineers (as the component specification source of truth), marketing teams (for brand assets), and product managers (for wireframes and prototypes) — a Figma access suspension affects every team member who references design specs in Jira, GitHub PRs, or documentation; (4) Miro's template library and facilitation tools mean workspace suspension stops in-flight workshops: a 'workspace suspended' email timed to arrive before a planned sprint retrospective or design sprint creates time-sensitive urgency; (5) Figma credentials expose the complete product design architecture: all UI component designs, prototype flows, design system tokens and component libraries, user research assets, and the branching/versioning history of every design file — a Figma credential compromise grants access to unreleased product designs before public announcement. Warning signs: sender not miro.com or figma.com; genuine Miro billing at miro.com/billing; Figma billing at figma.com/settings/billing.