Phishing emails may take on a number of forms:

1. They may appear to come directly from Yes.my, your bank/financial institution or from any social networking site, asking for your personal information.
   
   
2. They may appear to be from someone in your email address book.
   
   
3. They may ask you to make a phone call. Phone phishing scams will direct you to call a phone number where a person would be waiting to ask you for your personal information.
   
   
4. They may include official-looking logos and other identifying information taken directly from legitimate websites, and they may include convincing details about your personal history.
   
   
5. They may include links to fake websites where you are asked to enter your personal information.

Sometimes, phishing emails will direct you to fake websites.

Phishing links that you are urged to click may contain all or part of a real company's name and are usually disguised, meaning that the link you see does not take you to that address but somewhere different, usually a phishing website.

Note in the following example that hovering your mouse pointer on the link without clicking it will reveal the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's web address. This is a suspicious sign.

When you receive an email Reminder from Yes, the link will first bring you through the tracking URL http://www.resultiks.com. You will then be redirected to a secured https site to login to your Yes Account at https://www.yes.my/myselfcare/doLogin.do.

To check the link's authenticity, mouse over the link to see the URL at the status bar located at the bottom of your browser.

If it is a phishing URL, it will not direct you to http://www.yes.my but instead takes you to a phishing site with a similar name, e.g. http://www.yescom.com.my.

"Please verify your account details."

Professional businesses would never ask you to verify your account details such as your username and password, IC number and/or any other personal information through email.

If you receive an email message from Yes or any other businesses/institutions asking you to update your credit card information, do not respond! This is a phishing scam.

"Your account will be closed if you do not respond within 48 hours."

A message like that is written to sound urgent on purpose; so that you will respond immediately without considering the risk factors. A phishing email may even claim that your account has been compromised. Again, do not respond as this is a phishing scam.