Yes, it's possible. In fact, there are many people who fell for such scam tactics.

But what they actually they do are modifying unencrypted part of the wallet.dat to show address which doesn't have it's private key pair.