Fake Vercel / Netlify hosting and deployment platform subscription payment failed, deployments suspended, sites disabled, or project access no longer active phishing

Phishing emails impersonating Vercel or Netlify claiming the hosting and deployment platform subscription payment has failed, deployments are suspended, sites are disabled, or project access is no longer active — directing victims to update billing through a credential-harvesting portal. A distinct attack category targeting the frontend hosting and serverless deployment layer used by modern web development teams: Vercel is the dominant deployment platform for Next.js and React applications, and Netlify is the leading Jamstack and static site hosting platform. Key facts: (1) Vercel serves 100,000+ paying teams (at $20/user/month Pro, $50+/user/month Enterprise) and is the default deployment target for Next.js — Vercel's deployment suspension is uniquely catastrophic because it takes the entire web application offline for all users globally, not just the development team; a 'Vercel deployments suspended' email creates an immediate production outage scenario where the development team cannot deploy code fixes or hotpatches; (2) The 'deployments suspended' hook exploits the always-on nature of web applications: unlike a SaaS tool where suspension affects internal workflows, a Vercel or Netlify suspension takes customer-facing websites offline — for e-commerce, SaaS, or content sites, every minute of suspension translates directly to lost revenue and degraded customer experience; (3) Netlify serves 3+ million developers (at $19-99/user/month for Pro/Business) and hosts millions of websites including e-commerce storefronts built on headless architectures — a 'Netlify sites disabled' email targeting a developer who hosts customer websites creates urgency beyond their own business, as their clients' websites also go offline; (4) Both platforms integrate deeply with CI/CD workflows: Vercel auto-deploys from GitHub, GitLab, and Bitbucket pull requests; Netlify integrates with GitHub Actions and provides deploy previews for every PR — a platform suspension breaks the entire deployment pipeline for every code change; (5) Vercel and Netlify credentials expose environment variables containing every production secret: database connection strings, API keys for Stripe, SendGrid, OpenAI, and Auth providers, NextAuth secrets, and webhook signing keys — credential access to a Vercel project is equivalent to gaining access to every integrated service's production secrets. Warning signs: sender not vercel.com or netlify.com; genuine Vercel billing at vercel.com/settings/billing; Netlify billing at app.netlify.com/billing.