Fake WorkRamp / Docebo learning management system subscription payment failed, training licenses suspended, e-learning courses disabled, or LMS access no longer active phishing

Phishing emails impersonating WorkRamp or Docebo claiming the learning management system subscription payment has failed, training licenses are suspended, e-learning courses are disabled, or LMS access is no longer active — directing them to update billing or restore access through a credential-harvesting portal. A distinct attack category targeting enterprise learning platforms that have become mission-critical infrastructure for onboarding, compliance training, and product certification — suspension simultaneously makes every training program, compliance course, and learning path unavailable for every employee in the organization, creating regulatory exposure for companies with mandatory training SLAs. Key facts: (1) WorkRamp serves 1,000+ enterprise customers ($20,000-$200,000+/year) including Reddit, Outreach, and Lattice as the modern LMS and sales enablement platform built for fast-growing companies — WorkRamp is specifically designed for sales onboarding and enablement: a WorkRamp license suspension makes every sales training module, product certification track, and onboarding program inaccessible; new sales hires who are in the middle of a 30-day onboarding program lose access to the training sequence they depend on; the enablement team loses visibility into completion rates and assessment scores; sales reps who haven't completed required product certifications cannot access the corresponding sales plays and pitch decks in WorkRamp's content library; (2) The 'training licenses are no longer active' hook targets a specific business urgency for HR and enablement teams: many enterprise learning requirements are compliance-mandated with deadlines — GDPR awareness training, anti-harassment training, and security awareness training must be completed by specific dates; a WorkRamp suspension that blocks access to required compliance training creates organizational risk beyond IT disruption; the HR team receives the suspension notification with the greatest urgency because they are accountable for training completion rates; (3) Docebo serves 3,000+ enterprise customers ($25,000-$500,000+/year) including Amazon Web Services, Uber, and Toyota as the AI-powered enterprise LMS used by organizations with large, distributed workforces — Docebo's architecture supports external training audiences (customers and partners) in addition to employees; a Docebo Cloud suspension makes every learning plan, virtual classroom, and certification path unavailable across all configured audiences simultaneously; companies that use Docebo for customer education lose the ability to onboard new customers through self-paced training; partner certification programs that gate access to reseller resources behind course completion stop functioning; (4) The 'e-learning courses disabled, LMS access suspended' hook is particularly effective for L&D teams mid-way through quarterly training cycles: Docebo deployments often have active learning plans with enrollment deadlines and completion windows — a suspension that hits mid-cycle forces manual communication to every enrolled learner that their training is paused, creates uncertainty about whether completions recorded before suspension will be preserved, and delays the quarterly compliance reporting that HR submits to legal and compliance teams; (5) WorkRamp and Docebo credentials expose the complete organizational learning architecture: every training course and learning path revealing the onboarding sequence and product knowledge structure, learner progress data showing which employees have or have not completed required training programs, assessment scores and certification status for every employee, and the SCORM content and course materials representing significant L&D investment. Warning signs: sender not workramp.com or docebo.com; genuine WorkRamp billing at app.workramp.com/settings/billing; Docebo billing at yourdomain.docebosaas.com/admin/billing.