Fake Stripe / Square merchant account suspended, payment processing disabled, or payouts frozen phishing — fraudulent email impersonating Stripe or Square claiming the merchant account has been suspended for suspicious activity, payment processing is disabled, or payouts and bank deposits are on hold pending identity verification — distinct from PayPal/Venmo personal payment pending phishing; Stripe: 4M+ active businesses ($0 + 2.9%+30¢/transaction); Square: 4M+ sellers; merchant account suspension means zero revenue from any card transaction — the most immediate revenue-zero business emergency

Phishing emails impersonating Stripe or Square claiming the merchant account has been suspended for suspicious activity, payment processing is disabled, or payouts and bank deposits are on hold pending identity verification — directing them to verify identity or sign in through a credential-harvesting portal to restore payment processing. Distinct from fake-paypal-venmo-zelle-payment-pending-phish (personal P2P payments) — this targets business merchant payment processing. Key facts: (1) Merchant account suspension means zero revenue from any card transaction immediately: Stripe processes payments for 4M+ active businesses at $0 setup + 2.9%+30¢ per transaction; a suspended Stripe account cannot process any credit card, debit card, or digital wallet payment — every customer who tries to complete a purchase at checkout encounters a payment failure; for e-commerce businesses where 100% of revenue flows through Stripe, this is an instant revenue-zero emergency; (2) Stripe Connect payout holds create compound cash flow urgency: Stripe Connect powers marketplace and platform payouts to connected accounts ($0.25/payout); when Stripe places a payout hold for 'identity verification', existing merchant balances are frozen — revenue already earned but not yet transferred to the bank account becomes inaccessible; for businesses with tight cash flow depending on weekly Stripe payouts, a payout hold creates immediate operating capital pressure; (3) Stripe's identity verification request is a real legitimate process that attackers clone precisely: Stripe legitimately requests identity verification for new accounts and when unusual activity patterns are detected; genuine Stripe verification requires uploading government ID and business documents through the Stripe dashboard — phishing emails clone this exact flow with fraudulent document upload forms that harvest identity documents and payment credentials simultaneously; (4) Square's 4M+ sellers ($0 + 2.6%+10¢ per swipe) rely on Square for in-person payments at retail locations, restaurants, and service businesses; a suspended Square account prevents the merchant from accepting any in-person card payment — for brick-and-mortar businesses during peak hours, this creates immediate customer-facing service failure; (5) Stripe dashboard credentials give attackers access to all customer payment data, refund issuance controls, payout destination account management, and the ability to redirect future payouts to attacker-controlled bank accounts. Warning signs: sender not stripe.com or squareup.com; Stripe never requests account verification via email — all verification is done through the Stripe dashboard; genuine Stripe suspension notices include specific transaction IDs or dispute details.