Mobile services, tarnsfers with no fee, bank card, shopping, cashback | HUMANS Borku. Bemalol Aloqada.

How to identify a phishing website


How to identify a phishing website

Be careful of tempting offers in social media ads! They often lead to phishing websites. Offers of too favorable loans, payments from the state that were not told about in the official news — any promises of quick money can be dangerous.

Phishing sites are designed for a person who believes in such a promise to enter their card details and confirmation code. But according to the rules of payment security, in this case, the bank will not be able to cancel the payment. A money refund for such fraud is a long and complicated process that can only be started by appealing to law enforcement agencies.

How not to fall for scammers' tricks and identify a fake website?


If you want to enter personal information or card details or make a purchase via a website, this website must have “https” and a closed lock icon at the beginning of the website address. The letter “s” and the closed lock mean that the connection is secure: when you enter data on the website, it’s automatically encrypted and cannot be intercepted.

The full official address of the HUMANS website is As you can see, it contains “https” with an “s” at the end, which means that all the data you enter on the website will be secure.

It’s not safe to enter your data on sites without encryption. Most popular browsers have built-in protection and can warn about the  dangers of sites that don’t have a security certificate (SSL certificate). We recommend that you don’t ignore such warnings.

Unfortunately, the SSL certificate doesn’t always guarantee the reliability of the website. It’s relatively easy to get a certificate, so a phishing site may also have one.


You will see the full link (URL) of the website in the address bar of your browser. Usually, the address bar is at the top of the browser if you open it on a PC or at the bottom if you open the link on a smartphone.

Be careful when you click on a link. In a Telegram message, the link may look normal, for example:, but if you click on it, a pop-up window will display the real URL of the site you are going to. If it’s significantly different, it’s better not to follow the link.

The site address should be read from right to left. To the right of ".", you’ll see a country code (uz, ru, kz) or another international code (net, edu, com, org, etc.). To the left of the ".", companies usually use the brand name.

Simply put, the website address is like the number of the entrance in the house: to the right of "." — the number of the house, to the left of "." — the number of the entrance. Everything after that is the floors and apartments.

In the address of the HUMANS official website, "uz" is the country code of Uzbekistan, and "humans" is the name of our brand.


A phishing URL can be very similar to the real one. If there are any additional words or characters between the "." and the brand name, you are probably looking at a fake site.

For example, is a fake site. Here, to the right of the "." is com, and to the left is “example-security”. And the same floors and apartments in the entrance from the example above.

The website is also phishing. It’s easy to see from the above characteristics.


Since phishing sites don’t live long (they are usually quickly detected and blocked), they are often made very quickly. Therefore, the buttons and links on such a site may not work, and the text may contain spelling errors. And although the design of the site will be very similar to the real one, small differences can still be noticed. To check it out, enter the company name in the search bar and look at its official website.


Too tempting offers should be treated with distrust and checked to see whether there really is such an offer or promotion. To do this, you can contact the customer support team or go to the official website. If the information is confirmed and there are no other alarming signs that we described above, you can take part in the promotion.

Even if the link to the offer was sent to you by someone close to you, you should still double-check everything! That person could also be a victim of fraud.


Change your account password as soon as possible, and contact your bank to block and reissue your card. If your bank's mobile app allows you to block the card or set limits or bans on online payments, do it yourself. The bank card must be reissued to update its data for security purposes.