The best way you can do to avoid phishing websites is to type the URL MANUALLY in the address bar and still double check. DO NOT click external links.

That is the new tactic of hackers/phishing sites, using the original spelling of the URL, BUT the letters used have special characters. Not checking the URL twice or more make your account at risk. The link you've visited have a dot under letter i on fake coindesk plus above letter e and under letter a on fake MEW. You might encounter the same in the future or even worst, so be extra careful from now on.

I reported the domains in EtherAddressLookup chrome extension.

---

EDIT:
Most likely in his email account. I received a spam email from an account pretending to be Coindesk regarding "EOS Launches Airdrop, Cuts Block.one", since it was on spam folder, images and links are disabled. Also I'm not into visiting links from email, unless verification emails from trusted sources.