This phishing technique has been exploited since the beginning of time! What's surprising is people don't check the URL on top of their browser. Before entering your password, also check is the site is secure (begins with https://).