top of page
  • Writer's pictureESET Expert

Borrower beware: Common loan scams and how to avoid them



Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Here’s how to avoid being scammed when considering a loan.


Times have been tough financially for many of us since the pandemic. Climate shocks, food and energy price rises and persistent inflation elsewhere have squeezed household spending and put huge pressure on working families, with high interest rates in much of the Western world only making matters worse. As usual, cybercriminals are waiting in the wings to see how they can capitalize on others’ misfortune. In some cases, they’re doing it through loan fraud.


Understanding loan fraud

Loan fraud can take several forms. But at its heart it uses the lure of no-strings loans to hook vulnerable internet users. It can be particularly common at certain times of the year. The UK’s financial regulator the Financial Conduct Authority (FCA) warned last December about a surge in loan fee fraud after claiming over a quarter (29%) of British parents have borrowed money, or intend to, in the run-up to Christmas.


In the UK, losses for loan fee fraud average £255 ($323) per victim. That’s a potential significant sum for someone already struggling to pay the bills. Those particularly at risk are young people, senior citizens, low-income households and individuals with low credit scores. Scammers know these groups are among the worst hit by the current cost-of-living crisis. And they’ve developed various strategies to trick users into handing over their cash.


Take a closer look at the following schemes to stay safer online.


Top loan fraud threats

There are a handful of loan fraud scams, each of which uses slightly different tactics.


1. Loan fee (advance fee) fraud

Probably the most common type of loan fraud, this usually involves a scammer posing as a legitimate lender. They will claim to offer a no-strings loan but request that you pay a small fee up front to access the cash. The scammers will then disappear with your cash.


They may say the fee is for ‘insurance,’ an ‘admin fee’ or even a ‘deposit.’ They might also say it’s because you have a bad credit rating. Usually, the fraudster will claim it is refundable. However, they’ll often request it be paid in cryptocurrency, via a money transfer service, or even as a gift voucher. This will make it virtually impossible to recoup any lost funds.




2. Student loan fraud

One particular variety of loan-themed fraud targets people who are eager to secure funding for their education and recent graduates burdened by tuition fees and other educational expenses. These schemes also involve enticing loan terms or even debt forgiveness, bogus assistance with loan repayment, fraudulent promises to cut monthly payments, consolidate multiple student loans into a more manageable “package”, or negotiate with lenders on behalf of borrowers – in exchange for upfront fees for these “services”. Unsuspecting individuals are often tricked into surrendering their personal and financial information, which the scammers then use for identity theft or fraudulent purposes.


3. Loan “phishing” fraud

Some scams may involve the fraudster asking you to complete an online form before the loan can be ‘processed.’ However, doing so will hand your personal and financial details straight to the bad guys for use in more serious identity fraud. This could be run in tandem with an advance fee scam, resulting in the loss of both money and sensitive personal and bank account information.


4. Malicious loan apps

In recent years, ESET has observed a concerning rise in malicious Android apps disguised as legitimate loan apps. At the start of 2022 it notified Google about 20 of these scam apps that had over nine million collective downloads on the official Play store. Detections of “SpyLoan” apps surged 90% between H2 2022 and H1 2023. And in 2023, ESET found another 18 malicious apps with 12 million downloads.


SpyLoan apps lure victims with the promise of easy loans via SMS messages and on social media sites such as X (formerly Twitter), Facebook and YouTube. They often spoof the branding of legitimate loan and financial services companies in an attempt to add legitimacy to the scam. If you download one of these apps you’ll be requested to confirm your phone number and then provide extensive personal information. This could include your address, bank account information, and photos of ID cards, as well as a selfie – all of which can be used for identity fraud.


Even if you don’t apply for a loan (which in any case will be rejected) the app developers may then begin to harass and blackmail you into handing over money, potentially even threatening physical harm.



5. Payday loan scams

These scammers take aim at individuals in need of quick cash, often those with poor credit or financial difficulties. Much like with the other varieties, they promise fast and easy loan approval with minimal documentation and no credit check, exploiting the urgency of the borrower's financial situation. To apply for the loan, the scammer often asks the borrower to provide sensitive personal and financial information, such as their social security number, bank account details and passwords, using it for identity theft and financial fraud.


6. Loan repayment fraud

Some scams require more upfront reconnaissance work from the criminals. In this version, they will target victims who have already taken out loans. Spoofing that loan company, they will send you a letter or email claiming you’ve missed a repayment deadline and demanding payment plus a penalty fee.


7. Identity fraud

A slightly different approach again is to steal your personal and financial details – perhaps via a phishing attack. And then to use them to take out a loan in your name with a third-party provider. The scammer will max out the loan and then disappear, leaving you to pick up the pieces.


How to stay safe from loan fraud

Look out for the following red flags to stay safe:


  • Guaranteed approval of a loan


  • Request for upfront payment of a fee


  • Unsolicited contact by the loan company


  • Pressure tactics and a sense of urgency, which are a supremely popular trick among scammers of various kinds


  • A sender email address or website domain that doesn’t match the company name


  • No fine print to check on the loan itself


Also consider the following precautionary steps:


  • Research the company purporting to offer the loan


  • Never pay an upfront fee unless the company sends an official notice setting out the terms of the loan and reasons for the extra charge (which you have to agree to in writing)


  • Always use anti-malware on your computer and multi-factor authentication (MFA) to reduce the chances of data theft


  • Don’t reply direct to unsolicited emails


  • Don’t overshare online – scammers may be scanning social media for any opportunities to prey on your financial situation


  • Only download apps from official Google/Apple app stores


  • Ensure your mobile device is protected with security software from a reputable vendor


  • Don’t download apps that ask for excessive permissions


  • Read user reviews before downloading any app


  • Report suspected scams to the appropriate authorities, such as the Federal Trade Commission (FTC) or Consumer Financial Protection Bureau (CFPB)


As long as there are people in need of financing, loan fraud will be a threat. But by remaining skeptical online and understanding the scammers’ tactics, you can stay out of their clutches.


by Phil Muncaster, ESET

Comments


bottom of page