I'm a n00bie and it reads as an obvious scam. But still, unless you're clicking an .exe how would going to a site take over your account? If it could be done that easily then the accounts aren't particularly safe. And wouldn't it be better for the scammers to put in a keylogger and go after your bank accounts?
I'm assuming the user went to the site; went through a "credentialing" process to get the coin, and in so doing, gave up his wallet info.