Making a website that looks just like a well-known legitimate one is a known scamming method which cyber criminals have been using for quite a while. Most of these fraudulent sites also have an official-looking address meant to make users believe they are the real deal. Those who don't catch on in time can type in their confidential information (user name, password, bank information, etc.) on the clone websites and usually end up with their money stolen or having to pay for stuff that the hackers bought.
Being one of the largest digital wallets in the world, PayPal is also one of the most targeted websites when it comes to this type of fraud. Recently, the company seems to have started a war against illegal sites and have managed to shut down quite a few. According to a blog post written by the people from OpenDNS (a security company that focuses on suspicious domain names registration), most of the websites that got taken down from the Internet were using complicated software kits in order to create pages as similar to PayPal as possible without actually copying the cod, thus avoiding triggering any kind of alarms.
Two of the most credible websites: redirectly-paypal.com and security-paypal-center.com were registered through a service called Wix.com. (Both are no longer active at this time.) A number of other sites used a service Enom in order to host their pages. Even though it is not exactly their job to keep an eye out for these kind of hoax domains, doing so might be in the best interest of hosting services as it will not only keep their customers safe, but also ensure that their brand names don't get tarnished. Unfortunately, the people who created the fraudulent websites haven't been identified yet.