
Summary
Detects inbound HTML messages that deliberately obfuscate content by weaving clusters of invisible Unicode characters (e.g., U+2065, U+200E, U+200F, U+2066–U+2069, U+200B–U+200D, U+FEFF) into digit sequences and into text matching patterns related to 'student loan'. The rule requires body.html.raw to contain all of the following: three consecutive invisible characters; a digit sequence with 1–6 invisible characters between digits; and a case-insensitive obfuscated form of 'student loan' in which consecutive letters are separated by up to 6 characters of any kind (up to 10 between the two words), which covers invisible or non-alphanumeric filler (s.{0,6}t.{0,6}u.{0,6}d.{0,6}e.{0,6}n.{0,6}t.{0,10}l.{0,6}o.{0,6}a.{0,6}n). This combination indicates an attempt to bypass security filters while presenting a plausible loan-themed lure in phishing or spam. The rule is applied to inbound HTML content, uses HTML analysis and content analysis, and is associated with BEC/Fraud, Credential Phishing, and Spam; tactics include evasion and social engineering.
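The three conditions from the summary, evaluated together over constructed HTML bodies. This is an added example, not the rule's own source: the function and sample names are hypothetical, the invisible-character class is built from the code points listed above, and Python's `re` stands in for the rule engine's regex matching.

```python
import re

# Invisible code points named in the summary, merged into ranges:
# U+200B-U+200F, U+2065-U+2069, U+FEFF.
INV = r"[\u200b-\u200f\u2065-\u2069\ufeff]"

CLUSTER = re.compile(INV + r"{3}")              # three consecutive invisibles
DIGITS = re.compile(r"\d" + INV + r"{1,6}\d")   # 1-6 invisibles between digits
LURE = re.compile(                              # pattern quoted in the summary
    r"s.{0,6}t.{0,6}u.{0,6}d.{0,6}e.{0,6}n.{0,6}t.{0,10}l.{0,6}o.{0,6}a.{0,6}n",
    re.IGNORECASE,
)


def evaluate(html: str) -> dict:
    """Return each condition's result plus the overall verdict (all required)."""
    checks = {
        "invisible_cluster": bool(CLUSTER.search(html)),
        "split_digits": bool(DIGITS.search(html)),
        "student_loan": bool(LURE.search(html)),
    }
    checks["match"] = all(checks.values())
    return checks


def weave(text: str, filler: str = "\u200b\u2065\u200e") -> str:
    """Build constructed test input: put three invisibles between characters."""
    return filler.join(text)


# Constructed sample bodies (not taken from real messages).
SAMPLES = {
    # Lure text and digits both interleaved with invisible clusters.
    "obfuscated": "<p>" + weave("Student") + " " + weave("loan")
                  + " relief up to " + weave("120000") + "</p>",
    # Legitimate mail: the phrase alone satisfies only the lure pattern.
    "plain": "<p>Your student loan statement for 2024 is ready.</p>",
    # Emoji joined by single ZWJs: invisibles present, but never three in a row.
    "emoji_zwj": "<p>student loan \U0001F468\u200d\U0001F469\u200d\U0001F467 plan 12345</p>",
    # Invisibles inside digits, but no loan-themed text.
    "digits_only": "<p>Invoice " + weave("4471") + "</p>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, evaluate(body))
```

Only the first sample satisfies all three conditions; the other three show why the rule combines them rather than alerting on invisible characters or on the phrase alone.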
Categories
- Web
- Network
Data Sources
- Network Traffic
- Web Credential
Created: 2026-06-26