I don't think you've been phished - especially if you weren't asked for your PIN. Also, you should NOT be accessing SR at the .to address - that is for accessing it over the clearnet which you should never, never, never do! So dangerous.