Student Finance Phishing emails

[Anne]

This is another we've not seen before. Clearly a phishing attempt to get access to financial information relating to students and their family funders.

Return-Path:       <root@server01.brainwaves.nl>
X-YahooFilteredBulk: 85.158.249.21
Received-SPF:       none (mta1034.mail.ukl.yahoo.com: domain of root@server01.brainwaves.nl does not designate permitted sender hosts)
X-Originating-IP: [85.158.249.21]
Authentication-Results: mta1034.mail.ukl.yahoo.com from=slc.co.uk; domainkeys=neutral (no sig); from=slc.co.uk; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO server01.brainwaves.nl) (85.158.249.21) by mta1034.mail.ukl.yahoo.com with SMTP; Tue, 11 Jan 2011 11:54:38 +0000
Received: (qmail 7344 invoked by uid 48); 11 Jan 2011 12:25:47 +0100
Date: 11 Jan 2011 12:25:47 +0100
Message-ID: <20110111112547.7324.qmail@server01.brainwaves.nl>
Subject: Student Loan Payment Processing Update
From: Student Finance Company <sfd_webmaster@slc.co.uk>  
Add sender to Contacts
Reply-To:       
MIME-Version:  1.0
Content-Type:     text/html
Content-Transfer-Encoding:  8bit
Content-Length:  1227

Dear Student,
Your student loan account need to be upgraded to match the details we hold on record for you.
Failure to upgrade means that your next student loan payment and maintenance grant will be delayed.
Thanks for your co-operation.

SIGN ON HERE
http://www.diadora.com.pl/autoprestige/student/index.html

Yours sincerely,
Student Loan Finance England.

[Anne]

And another copy with a different phishing URL:

Flag this message
Student Loan Payment Processing Upgrade
Friday, 21 January, 2011 8:37
From Student Finance England Fri Jan 21 08:37:57 2011
X-Apparently-To:       (removed)@yahoo.co.uk via 77.238.189.186; Fri, 21 Jan 2011 08:44:29 +0000
Return-Path:       <helpline@slc.co.uk>
X-YahooFilteredBulk:       209.165.130.13
Received-SPF:       softfail (mta1032.mail.ukl.yahoo.com: domain of transitioning helpline@slc.co.uk does not designate 209.165.130.13 as permitted sender)
X-Originating-IP:       [209.165.130.13]
Authentication-Results:       mta1032.mail.ukl.yahoo.com from=gci.net; domainkeys=neutral (no sig); from=slc.co.uk; dkim=neutral (no sig)
Received:       from 127.0.0.1 (EHLO msgmmp-3.gci.net) (209.165.130.13) by mta1032.mail.ukl.yahoo.com with SMTP; Fri, 21 Jan 2011 08:44:29 +0000
Received:       from User ([178.101.40.233]) by msgmmp-1.gci.net (Sun Java System Messaging Server 6.2-3.03 (built Jun 27 2005)) with ESMTPA id <0LFD00DW66MYKP10@msgmmp-1.gci.net>; Thu, 20 Jan 2011 23:38:14 -0900 (AKST)
Date:       Fri, 21 Jan 2011 08:37:57 +0000
From:       Student Finance England <helpline@slc.co.uk> 
Subject:       Student Loan Payment Processing Upgrade
Sender:       awm@gci.net
Message-id:       <0LFD00DW86N0KP10@msgmmp-1.gci.net>
MIME-version:       1.0
X-MIMEOLE:       Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer:       Microsoft Outlook Express 6.00.2600.0000
Content-type:       text/html; charset=Windows-1251
Content-transfer-encoding:       7BIT
X-Priority:       3
X-MSMail-priority:       Normal
Content-Length:       1309

Dear Student,
Your student loan account need to be upgraded to match the details we hold on record for you.
Failure to upgrade means that your next student loan payment and maintenance grant will be delayed.
Thanks for your co-operation.

SIGN ON HERE
http://weldoo.net/index.html

Yours sincerely,
Student Loan Finance England.

Note SPF header highlighted in red above tells this is not a legit email!