Nonsensical comment.
To be clear for non-geeks:
When presented with a false sign-in prompt under such a condition, a rogue operator gets your password, likely including changing the password.
This is a rare occurrence, but important to take heed:
DO NOT SIGN IN OR CHANGE PASSWORDS UNTIL ALL CLEAR IS GIVEN BY ADMINS / JIM/ROB
Worth repeating.
If FR is permitting non SSL connections, that could be a problem. Otherwise, the account theft would have to occur from within the FR environment.