That sounds more like phishing to me. The heuristic "do not log into an unofficial site" is something I had to learn the hard way, too. Sucks you lost an account though.
Anyway, when I was in public school, I let somebody onto my RS account, and they ended up changing the password but...