Back

News: Phishing season is open. Don’t feed the phish.

Published: 03/09/2025

Scammers want your password and wallet. You’re smarter. Read this, stay safe, carry on.

First, what phishing is

A fake message that pretends to be legit to make you click, sign in, or pay. The link goes to a copycat site. You type details. They steal them. Simple. Malicious links now beat attachments as the top delivery method.

What NivaCity will never do

  • Randomly deactivate your mailbox. Not happening.

  • Email “confirm or we’ll shut you down.” No. (if we ever do, we will be pretty clear about what you did) 

  • Ask for passwords, one-time codes, or full card numbers by email. No again.

  • Announce surprise prizes. Your inbox isn’t a lottery and knowing your luck , the chances of this are zero. 

How to spot the real us

  • Sender: We send from [email protected], [email protected], or other @nivacity.com addresses. If it’s not @nivacity.com, it’s not us.

  • Link: Hover first. The real thing ends in nivacity.com. If unsure, type clientzone.nivacity.com or support.nivacity.com yourself.

Today’s scam playlist (learn these, ignore them)

  • “Mailbox will be closed in 24 hours” → fake login page steals your credentials.

  • QR-code phishing (quishing) → scan a QR from an email, PDF, or sticker on a parking meter, land on a spoofed site. Losses are rising. Don’t scan random codes.

  • Callback phishing → email tells you to “call billing.” The phone operator is the attacker. They walk you into trouble.

  • OAuth consent phishing → “Approve this app to continue.” You click Consent, attackers get account access even with MFA.

  • Business Email Compromise → “New bank details” or “urgent invoice.” Always verify out-of-band. Losses remain huge.

Quick rules before you click

  • Slow down. Urgency is bait.

  • Check the full sender address, not just the name.

  • Hover over links. If text and URL don’t match, walk away.

  • Treat unexpected attachments and QR codes like strangers at your door.

If you clicked or replied

  1. Change your email and ClientZone passwords now.

  2. Turn on 2-step verification where available.

  3. Run a full malware scan.

  4. Tell us. We’ll help secure your services.

Manage and learn

  • Manage services or open a ticket: clientzone.nivacity.com

  • Guides for DirectAdmin, email security, and WordPress hardening: support.nivacity.com

Report suspicious mail to [email protected] with full headers if possible.

Stay sharp. We’ve got your back.