Fake Pendo / WalkMe / Appcues product adoption subscription payment failed, in-app guidance and product analytics suspended, digital adoption platform offline, or user onboarding flows disabled phishing

Phishing emails impersonating Pendo, WalkMe, or Appcues claiming the product adoption subscription payment has failed, in-app guidance is suspended, the digital adoption platform is offline, product analytics are disabled, or user onboarding flows are no longer active — directing them to update billing or restore access through a credential-harvesting portal. A distinct attack category targeting product adoption and digital adoption platforms whose guides and tooltips are embedded live in production products. Key facts: (1) Pendo serves 8,000+ companies (enterprise pricing $7,000-200,000+/year for digital adoption plus analytics) as the dominant product adoption platform for SaaS companies — Pendo is embedded as a JavaScript snippet in the target company's product, delivering in-app tooltips, walkthroughs, banners, and NPS surveys to live users; a Pendo subscription suspension takes all in-app guidance offline simultaneously, meaning every live user of the product loses their tooltips, onboarding flows, and feature announcements at the exact moment the subscription lapses; this is immediately user-visible product disruption; (2) The 'in-app guidance suspended for live users' hook is unusually high-urgency because digital adoption tools are embedded in a company's live product — the consequences are visible to external customers, not just internal teams; when Pendo guidance goes dark, power users see missing tooltips, new users get no onboarding walkthroughs, and the product team loses all behavioral analytics simultaneously; (3) WalkMe serves 2,000+ enterprise customers ($10,000-100,000+/year digital adoption platform) with particular strength in enterprise software adoption training — WalkMe deployments at large enterprises automate employee training on Salesforce, SAP, Workday, and other complex enterprise applications; a WalkMe suspension halts all automated software training flows for potentially thousands of internal users simultaneously; (4) Appcues serves 1,500+ SaaS companies ($249-879+/month) as the self-service product adoption tool — Appcues is the platform used by product teams who build user onboarding without engineering resources; a suspended Appcues account means every onboarding flow, every feature announcement modal, and every NPS survey stops running; new user activation rates drop immediately; (5) Pendo and WalkMe credentials expose complete product usage analytics (which features users visit, how long they spend, where they drop off), NPS survey responses, in-app guide performance data, and the complete behavioral data stream for every user of the product. Warning signs: sender not pendo.io/walkme.com/appcues.com; genuine Pendo billing at app.pendo.io/settings/billing; WalkMe billing at console.walkme.com.