I would guess someone is trying to hide a phishing page in a frontpage looking folder rather than it actually being a frontpage issue.