From the author's comment on the original article[1]
"This link could very well have been sent as spam or through a rogue ad. That’s not how I discovered it though. The phone number used in this scam matched one that I had tracked previously. It’s only after (by going to the root of that domain which was not protected) that I discovered that there was also a phishing scam in there."
Edit:You might wanna scroll up a bit becasue the site header is blocking the comment.