Security Reminder: Stay Alert about Fake Ken’s Study Journey Websites and Emails

Simply Speaking

Ken’s Study Journey is aware of scam telephone calls received recently by university friends.

It will rigorously (strictly) check any fake websites, emails, apps, mini-programs, etc. pretending to be Ken’s Study Journey.

Always verify the email sender (from kenstudyjourney.cn) and check the official website when you receive and open Ken’s Study Journey emails.

Ken’s Study Journey does not have phone numbers publicly available, and so will never call users. Hang up immediately when receiving calls from “Ken’s Study Journey”.

Be careful of unofficial similar names in emails (e.g. Ken Study, Ken’s Studying Journey).

Email me if you have questions/doubts or discover fake websites/emails.

Dear students, teachers, and visitors,

Thanks for choosing and using Ken’s Study Journey services!

It has recently come to my attention that some of my university friends have received scam telephone calls.

According to my analysis and prediction, the scammers may, knowing the phone number digits in a region, use trial-and-error to find the numbers.

Although no fake Ken’s Study Journey websites have been discovered since 2019, Ken’s Study Journey is here to remind users to stay alert about fake websites and emails, enforcing the Terms of Service:

• Section 21: “Anti-Fake and Anti-Phishing”; and
• Section 16: “Prohibited Actions”:
  12. Make and publicise counterfeit (fake) Ken’s Study Journey websites, account login pages, apps, embedded mini programs, etc. to defraud visitors and/or users;
  13. Send phishing emails impersonating my personal brand (Ken’s Study Journey) against users

Ken’s Study Journey has already added some (generated) examples of fake/phishing emails on Ken’s Study Planner “Signed Up” page in early 2023.

Ken’s Study Journey will stay vigilant and rigorously check (and report) any fake websites, emails, apps, mini-programs, and so on (impersonating Ken’s Study Journey and its sub-brands), helping students shape and enjoy a safe study pathway.

For more information, please check the “Anti-phishing” page, including how to check a website’s ICP Registration:
https://www.kenstudyjourney.cn/en/anti-phishing/

Statements

Ken’s Study Journey (including its sub-brands, from 2024 onwards):

• must respond to user emails sent to my contacts within 7 days generally;
• currently does not have phone numbers (and meeting/messaging platform accounts) publicly available;
  - you must contact Ken’s Study Journey via email.
• never makes telephone/Internet calls or sends physical items by post to users;
• does not have domain names ending with “.onion” (for Tor);
• uses the domain name “kenstudyjourney.cn” for both website and email (old domain names: kenstudyjourney.com and kendeng1603.com):
  • @kenstudyjourney.cn for general (enquiry) emails; and
  • @email-send.kenstudyjourney.cn for system emails;
  • Note: Sub-brands (from 2024) may have separate email suffixes.
• is non-profit and non-commercial, where no money exchange and profits are allowed;
• never asks for your bank/payment accounts (including bank cards);
• never asks for the verification codes via email (replies), phone calls, etc.
  
- you must input the codes on the website.
• never prevents a student from studying normally;
• never promotes activities and services related to academic misconduct/dishonesty;
• is generally available in more than one language (with language options) on websites and services;

  - Currently Available: English and Chinese-Simplified (简体中文)
• supports IPv6 (with IPv6 address(es) and DNS AAAA record(s));
• has the website ICP Registration (in Guangdong Province, China).

You:

• must see the equivalent notifications on the website, app, etc. (e.g. planner.kenstudyjourney.cn for Ken’s Study Planner) in case of an account issue (even if it is urgent);
• must see the equivalent newsletter on kenstudyjourney.cn/newsletter;
• must see the equivalent new device(s) in “Settings”-“Manage Logged in Devices” if someone logged in to your account;
  

My Security Tips

• Make sure the web address starts with HTTPS (i.e. “https://”) (if available);
  
(Ken’s Study Journey has HTTPS with TLS 1.2 and above enabled)
  
• Check the email source/sender (from @kenstudyjourney.cn or 
@email-send.kenstudyjourney.cn for Ken’s Study Journey) before responding to it;
  
• Check the Validity with the bottom unique code of Ken’s Study Journey system emails on the official website (except for 6-digit verification codes);
  
• Check the notifications on the official website, app, etc. (e.g. Ken’s Study Planner) if you are notified about your account issues;
• Check the website’s ICP Registration (for websites in China Mainland only, including Ken’s Study Journey) at https://beian.miit.gov.cn;
  
- do not check the registration number directly, check the domain name instead
  
• Forward the email claiming to be Ken’s Study Journey (including its sub-brands from 2024) to my contacts for verification if you have doubts (especially urgent emails);

  - Ken’s Study Journey must respond to you within 7 days normally.
• Hang up immediately if you receive calls (whether voice or video) from Ken’s Study Journey.
  
- Ken’s Study Journey does not have phone numbers publicly available.
• Be careful of unofficial similar names in emails, e.g.
  • Ken Study
  • Ken Study Journey
  • Ken’s Studying Journey
  • Ken’s Study Trip
  • Ken Study Plan
  • Ken’s Study Planning
  • Although these names may be commonly used by users in informal oral communication, they are also used by phishing/scam emails.
  • Official Name: Ken’s Study Journey (Ken的学习之旅)

If you Discover a Fake Website/Email

If you believe a Ken’s Study Journey website/email you visited/received is not real/official, you should:

• not enter any personal information (e.g. password, bank account);
• not click any link on or reply to this email;
• report this fake website/email to my contacts;
  - This will protect your account and data, and ensure the security of others.
• open the official website (e.g. Ken’s Study Planner) and change your password immediately.

Reminders

Ken’s Study Journey reserves the right to report any fake websites, emails, etc. according to Section 18 in Terms of Service.

Any online attacks (e.g. (D)DoS or similar attacks) disrupting Ken’s Study Journey service normal operations may be subject to legal action. (Learn More)
- The incident may be reported to ISPs and/or authorities (e.g. Internet Police).

According to the SPF and DMARC security policies, Ken’s Study Journey may be notified (by the email receiver’s ISP/provider) if someone forges the email header (impersonating kenstudyjourney.cn domain name).

Ken’s Study Journey may set up a “Reminder board of Fake Ken’s Study Journey Websites, Apps and Emails” to remind users with examples if it receives and confirms a user report of or discovers such counterfeits.

For more information, please check the “Anti-phishing” page, including how to check a website’s ICP Registration:
https://www.kenstudyjourney.cn/en/anti-phishing/

Thanks for your attention to this important matter, helping students shape and enjoy a safe study pathway.

You can contact me for any questions/doubts or if you discover fake websites, emails, etc.

Ken’s Study Journey

22 November 2023

Hong Kong, China (branch)

Did you Know?

The ITSC of one of the Hong Kong universities (not my university) regularly conducts mock phishing/scam (fake) email drills/exercises.

The email receiver will be required to take a phishing email identification quiz later (organised by the ITSC) once the link in a fake email has been opened.

Learn More 

For example, an email was sent from “@spoint.site” (fake) rather than “@sharepointonline.com” (correct, official), and misspelt the sender’s name “SharePonts OnLine” and a file name: “2023_Chritsmas_holday.pdf”, where:

• “SharePonts” should be “SharePoint”.

• “Chritsmas” should be “Christmas”; and
• “holday” should be “holiday”.

Similarly, our university’s ITSC has displayed some Phishing Examples of emails (similar to the Reminder Boards).