Today I received a cpanel phishing link and I clicked on it. It redirected to another cpanel. I decide to look at the url, and here it is
redirect url
https://example.net/esg9/cpanel.php?token=foofoofoofoofoofoo
After I click, it'll redirect again
https://example.example.at:2083/cpsess1234567890/?token=foofoofoofoofoofoo
I have 5 questions:
- Is that token mine or from the sender?
- Can we produce dynamic email based on receiver? For example, the token might be generated from the header of my email (I don't know why I have theories like this)
- I clicked on the link but didn't enter my credential in that fake cpanel login. Am I safe?
- What should I do now? And what information should I seek?
- Are we doomed at the moment we click the link? (we might not enter credential, nor download any file, but our sessionid, token, etc, can the hacker get it through POST method?)
Also I informed my hosting provider about this case.