Does Sci-Hub phish for credentials? | Sauropod Vertebra Picture of the Week

"The Chronicle of Higher Education‘s piece on Sci-Hub contains a disturbing claim that I’ve not seen elsewhere. I’ll quote: Edward Sanchez, head of library information technology at Marquette University, says his biggest concern about Sci-Hub is how it obtains access to library databases, through a phishing campaign. He says that many colleges have been targeted by Sci-Hub. In one case at Marquette, a professor received an email stating that he or she needed to update his or her university user name and password by following a link. Once on the site, which was actually in New Zealand, the faculty member typed in new credentials, which were then captured by what the publisher later linked to Sci-Hub. “Then you start seeing your downloads going to unusual locations or downloads that are occurring in huge quantities — thousands of downloads,” Mr. Sanchez says. If this is true, then it certainly undermines the narrative of Sci-Hub as hero. I was sceptical in part because the image of Sci-Hub downloading thousands of articles from a single account didn’t match with my understanding of how it works. So I emailed both Edward Sanchez and Sci-Hub founder Alexandra Elbakyan, asking for clarification. I reproduce the relevant parts of these correspondences, with permission from both correspondents. Their comments are in bold, my own questions in regular font ..."