
Unlock Your Student Finance Account Now

Another ridiculous e-mail Scam phishing message


You're obviously quite clever to have achieved the levels of academic education to become a Student. However, cleverness isn't just for exams and coursework. It's something to use in life to survive and to defend yourself against various perils.

So, if you receive a message in your e-mail bucket that says "Unlock Your Student Finance Account Now" and "Your Profile is Locked", surely you'd have the good sense to know that it's a fake, a fraud, and inherently dodgy? Well you should, and it is.

Here's an example of the hoax message...

Dear Account Holder,

YOUR PROFILE IS LOCKED

For your security, your online banking profile has been locked due to inactivity or because of too many
failed login attempts.

CLICK HERE TO UNLOCK YOUR ACCOUNT IMMEDIATELY

Failure to do so may lead to account disconnection.
YOUR SECURITY IS IMPORTANT
Directgov UK 2011

Here are a few questions which will only take you a short time to complete:

1. If a message arrives that says "Dear Account Holder", does the sender know your name?

2. Who sent the message? Discuss the theory that a domain such as serviceupdate.co.uk is a pending domain at 123-reg and how this might affect the credibility of the alleged government funding.

3. What time zone in the world is -0700? How far West of the Greenwich Meridian in London is that line of longitude? Estimate approximately how many British government agencies are located in that part of the world.

4. Looking at the link in the actual e-mail, where the link says "CLICK HERE TO UNLOCK YOUR ACCOUNT IMMEDIATELY", if you hover over the link and it says http://sadaf-group.ir ...

a) Does this mean the British student loans are managed from Iran? (.ir domain)

b) What does all-capitals imply?

c) How likely (on a percentage scale of 0-100%) do you think that makes it to be from the direct.gov.uk Student Finance site?

5. Where the message says "Failure to do so may lead to account disconnection", does this sound like a British government linguistic idiom?

6. For the next question, consider this e-mail message HTML source code:

From - Mon Sep 26 11:41:28 2011
X-Account-Key: account2
X-UIDL: UID34730-1301168918
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-path: <Directgovuk@serviceupdate.co.uk>
Envelope-to: Zyra
Delivery-date: Sun, 25 Sep 2011 23:32:01 -0700
Received: from mailrelay.embarq.synacor.com ([208.47.184.3])
	by server.vivostar.net with esmtp (Exim 4.69)
	(envelope-from <Directgovuk@serviceupdate.co.uk>)
	id 1R84jR-0003sJ-Id
	for Zyra; Sun, 25 Sep 2011 23:32:01 -0700
X-BINDING: 
X-Spam-Rating: None
X_CMAE_Category: 0,0 Undefined,Undefined
X-CNFS-Analysis: v=1.1 cv=TAqDtKSIyvinExMGktXEamPIDOPir0KatlwtpAX8CTo= c=1 sm=0 a=Dyoqhi_TatcA:10 a=5gTIo1-M2boA:10 a=ao5bEg-GU4YA:10 a=Cfj4BQAnxiAA:10 a=MEr3CPSVeVlgRTkQ0yVAIw==:17
a=iHu-SL4lAAAA:8 a=rB62Eh67IBlSw8z_VYIA:9 a=9uDcvzz5Bl_aKM8-owAA:7 a=Ft8UYL4EG9YA:10 a=AvX34BrQVlvT2goo:21 a=Nq8qoHA-AKTbHTWm:21 a=MEr3CPSVeVlgRTkQ0yVAIw==:117
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
Authentication-Results:  smtp02.embarq.synacor.com smtp.user=emseducate; auth=pass (LOGIN)
Received: from [31.41.9.112] ([31.41.9.112:2890] helo=User)
	by mailrelay.embarq.synacor.com (envelope-from <Directgovuk@serviceupdate.co.uk>)
	(ecelerity 2.2.2.40 r(29895/29896)) with ESMTPA
	id 98/46-04255-56B108E4; Mon, 26 Sep 2011 02:31:44 -0400
From: "Directgov UK"<Directgovuk@serviceupdate.co.uk>
Message-ID: <98.46.04255.56B108E4@smtp02.embarq.synacor.com>
Subject: Unlock Your Student Finance Account Now.
Date: Mon, 26 Sep 2011 07:31:43 +0100
MIME-Version: 1.0
Content-Type: text/html;
	charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>New Page 41</title>
</head>

<body>

<p><font size="2">Dear Account Holder,<br>
<br>
<b>YOUR PROFILE IS LOCKED </b><br>
<br>
For your security, your online banking profile has been locked due to inactivity 
or because of too many<br>
failed login attempts. <br>
<br>
<b><a href="http://sadaf-group.ir/admin/index.html">CLICK HERE TO UNLOCK YOUR 
ACCOUNT IMMEDIATELY </a></b><br>
<br>
</font><b><font size="2">Failure to do so may lead to account disconnection. <br>
</font></b>
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing:
0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; ">
<span class="Apple-style-span" style="font-family: Arial, Helvetica, sans-serif; font-size: 12px; font-weight: bold; ">
YOUR SECURITY IS IMPORTANT<span class="Apple-converted-space">&nbsp;</span><br>
 Directgov UK 2011</span></span></p>

</body>

</html>

Using your creative comprehension skills, determine some of the factors that could result in the senders of the fraudulent message being caught out and brought to justice. (Hint: detailed knowledge of HTML is not required to answer this question).

* * *

Here are some answers to questions which you may wish to ask about the Student Finance Account Profile Locked phony e-mail:

Obviously it's not from the British government direct.gov.uk student finance system. Most of the recipients are not in the UK and a large number of them are not students. The message is a phishing attack, and the purpose of it is to panic a few students into visiting a bogus website and giving away their personal details.
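The checks that questions 1, 2, 4 and 6 ask the reader to make by eye can also be scripted. The following Python sketch is an added example, not part of the original page: it runs over an abridged copy of the message shown above, and the function names, the greeting pattern and the use of direct.gov.uk as the expected domain (taken from the official address given on this page) are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Abridged copy of the message shown on this page (headers and link as quoted there).
RAW = """\
Received: from mailrelay.embarq.synacor.com ([208.47.184.3])
\tby server.vivostar.net with esmtp (Exim 4.69); Sun, 25 Sep 2011 23:32:01 -0700
Received: from [31.41.9.112] ([31.41.9.112:2890] helo=User)
\tby mailrelay.embarq.synacor.com with ESMTPA; Mon, 26 Sep 2011 02:31:44 -0400
From: "Directgov UK"<Directgovuk@serviceupdate.co.uk>

<html><body><p>Dear Account Holder,<br>
<a href="http://sadaf-group.ir/admin/index.html">CLICK HERE TO UNLOCK YOUR
ACCOUNT IMMEDIATELY</a></p></body></html>
"""

class LinkHosts(HTMLParser):
    # Collects the real destination host of every <a href>, whatever the link text says.
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append(urlparse(href).hostname or "")

def under(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def analyse(raw, expected_domain):
    """Return (findings, origin_ip) for a message claiming to come from expected_domain."""
    msg = message_from_string(raw)
    body, findings = msg.get_payload(), []
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    if not under(sender_domain, expected_domain):
        findings.append(f"sender domain {sender_domain} is not under {expected_domain}")
    links = LinkHosts()
    links.feed(body)
    findings += [f"link points to {h}, not {expected_domain}"
                 for h in links.hosts if not under(h, expected_domain)]
    if re.search(r"Dear (Account Holder|Customer|User)", body, re.I):  # assumed phrase list
        findings.append("generic greeting: the sender does not know the recipient's name")
    # The bottom-most Received header is the first hop: the relay's record of who connected.
    first_hop = (msg.get_all("Received") or [""])[-1]
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})", first_hop)
    return findings, (m.group(1) if m else None)
```

The origin address is only as trustworthy as the relay that recorded it, so it is a lead to pass on when reporting the message rather than proof of who sent it.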

If you receive such a message, ignore it. Or, better still, forward it to the people at http://www.slc.co.uk/contact.aspx where they deal with stomping on such fraudulent things.

Don't click on the link in the message, but if you have already, then don't panic. You need to go to the official site which is www.direct.gov.uk/studentfinance and change your password. That way, if you've given away your secret password, it's not much use to the scamsters who have swindled you into giving away your old password.

A few helpful links about all this include...

The online security page at: www.direct.gov.uk/studentfinance

and also Get Safe Online.org

There's also a phone number for Student Finance England, which is 0845 300 50 90

Plus, if you have opened up links in emails of this type and you are wondering about whether the computer has caught a virus, see anti virus software

There are some further tips on avoiding viruses and scam tricks in e-mail at the pages of antivirus measures and there are some carefully stuffed and mounted rogues e-mails at the Rogues Gallery which can be viewed safely.

