Yesterday an email arrived at the website's contact address.
The subject is [example.com] WARNING The domain “example.com” has reached their disk quota. (where example.com is your domain), and the link inside points to https://anotherexample.com/wp-includes/cpanel.php?token=ааааааааааа, which redirects to a cPanel login page that is not yours.
Pay attention to which address receives such emails (the admin email or the contact address, for example), check the address of the web page that actually loads, and enable 2FA in cPanel.
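The check described above can be automated for a shared contact mailbox. The following is an added example, not part of the original post: it parses a raw message and flags links that imitate a cPanel login on a host other than your own. The trusted host set, the sample message and the token placeholder are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: the only host where your real cPanel login lives.
TRUSTED_HOSTS = {"example.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample modelled on the message described above.
SAMPLE = (
    "To: contact@example.com\n"
    'Subject: [example.com] WARNING The domain "example.com" has reached their disk quota.\n'
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Fix it: https://anotherexample.com/wp-includes/cpanel.php?token=PLACEHOLDER\n"
    "Your panel: https://example.com:2083/\n"
)

def check_message(raw, trusted_hosts=TRUSTED_HOSTS):
    """Return [(url, [reasons])] for suspicious links in a raw RFC 822 message."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    body = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            body += payload.decode(part.get_content_charset() or "utf-8", "replace")
    findings = []
    for url in URL_RE.findall(body):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Exact match on the parsed hostname: a suffix test such as
        # endswith("example.com") would also accept anotherexample.com.
        if host in trusted_hosts:
            continue
        path = parts.path.lower()
        reasons = []
        if re.search(r"disk quota", subject, re.IGNORECASE):
            reasons.append("quota warning links to a host that is not yours")
        if "cpanel" in path:
            reasons.append("cPanel-looking path on a foreign host")
        if "/wp-includes/" in path:
            reasons.append("script under another site's wp-includes directory")
        if reasons:
            findings.append((url, reasons))
    return findings

if __name__ == "__main__":
    for url, reasons in check_message(SAMPLE):
        print(url, "->", "; ".join(reasons))
```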
Image by mohamed Hassan from Pixabay