We'd assume they'd be using HTTPS, you can't redirect HTTPS traffic without serving an invalid certificate which most browsers will warn you of. Or a forged cert, but that's harder to do.
Unfortunately HTTPS is unable to protect you in a school/office setting, or wherever you use a computer provided to you by someone else.
In those cases, certificates can (and will) be forged very easily.
