The 2026 loan-app fraud landscape
FTC Consumer Sentinel data tagged $12.5 billion in reported fraud losses in 2024, with imposter scams ranking second by dollar loss. Loan-app fraud is a meaningful slice of that. The fraud has gotten better-looking in the last two years: the apps now ship through real Play Store and App Store listings, the websites pass casual inspection, and the support agents on chat sound competent. Spotting them takes about ninety seconds of deliberate skepticism, but only if you know what you are looking for.
Six red flags before you upload your ID
1. Upfront fees before funding. Any app that asks you to pay an "insurance," "processing," "activation," or "collateral" fee before the loan funds is running an advance-fee scam. The FTC's advance-fee rule makes it illegal in the United States to guarantee a loan and demand payment before delivering it. Real lenders deduct origination fees from the loan proceeds; they do not ask you to send $199 by Zelle.
2. Unsolicited contact. A text or call about a loan you never applied for is the front of a funnel, not a real offer. The FTC's January 2026 alert on fake loan-text scams is direct: do not click, do not reply STOP (which confirms the number is live), forward to 7726.
3. Permission requests that should not exist anymore. Google Play's Personal Loans policy, expanded in May 2025 to cover line-of-credit apps, bans US loan apps from accessing contacts, photos, precise location, external storage, call logs, or SMS. Apple applies similar restrictions. If an install asks for your contacts list, the app is either non-compliant (about to be pulled) or distributed outside the official stores.
4. Developer account younger than ninety days. Open the listing on the App Store or Google Play, scroll to the developer name and the first-release date. A real lender has a multi-year developer history and a portfolio of related apps. A scam clone shows a name one letter off from a known brand, a release date in the last ninety days, and one app under the developer account.
5. Payment demanded via gift card, crypto, or wire. No legitimate US lender accepts loan payments in Amazon gift cards. No legitimate lender asks you to "verify" your account by sending Bitcoin. These rails are chosen because they are hard to reverse, which is exactly the point.
6. No NMLS license. Consumer lenders in the United States are licensed in each state where they lend. Look the lender up in the NMLS Consumer Access database (nmlsconsumeraccess.org). Not listed, or listed but not in your state, means walk away.
The traps that are technically legal
Some of the worst outcomes do not come from outright scams but from real, licensed apps that use design patterns regulators have started to challenge. Three to know.
UX-defaulted tips. California DFPI found 73% of users tip when the UI prompts them. Pennsylvania and DC AGs settled with SoLo Funds in 2024 after concluding pre-filled tips function as finance charges under state consumer law. If an app pre-selects a "donation" you have to manually zero out, you are being charged.
Subscription auto-renewal. Brigit, Dave, Cleo and others run monthly subscriptions that keep billing even if you stop borrowing. The FTC's November 2023 action against Brigit centered partly on cancellation friction (Brigit settled, disputed the characterizations). The pattern across borrower complaints is almost identical: "I forgot I was still paying."
Tribal-affiliated installment apps. Some apps market heavily to subprime and gig workers and operate under tribal sovereign immunity, which they argue exempts them from state APR caps. APRs over 400% are common. Several state AGs and NYDFS have challenged the position aggressively over the last decade.
Continue reading
The deeper field guide on fake apps lives in how to spot a fake loan app. The data-resale picture is unpacked in loan-app data privacy, and the math behind the tip model is in tip-based loan apps: true cost.