My pull request got accepted, MetaMask now blocks the site:
Great news!
Thank you for your support and fast response.
+merit
they've been doing this phishing since the dawn of time but it still works for some. it should be common sense to see something is wrong if there is the need to login again when you know you are already loggedin. the url of the website is very important to notice here.
It may be obvious for you and me, but average user can get distracted
thinking it is just a browser issue, and enter his details, resulting in his account being hacked.