When I worked for a University we found that students were quite willing to give their details to any official looking web page.
When we investigated we found that the mimicry of phishing pages were quite good. It would take the spammers and fraudsters about an hour to reproduce a login page once we had made changes. I can see why some of the students and staff were hoodwinked. Having said that it didn't stop me from lecturing them on security.