I just tried clicking your "Paypal" link in Chrome 25, Firefox 19, and IE9. All of them allowed the href to change and went to what could have been the phishing site. Then I went back and tried right-clicking the "Paypal" link and open in a new tab. All 3 browsers went to Paypal.
I like your suggestion to have behavior changed so the browsers don't allow the href to be changed to another domain without warning the user. Until that happens, maybe opening links in a new tab (or window) is a good practice.
I like your suggestion to have behavior changed so the browsers don't allow the href to be changed to another domain without warning the user. Until that happens, maybe opening links in a new tab (or window) is a good practice.
Enjoy!