To spot a fake loan app, check the developer name and first-release date on the App Store or Google Play listing, look up the lender in the NMLS Consumer Access database at nmlsconsumeraccess.org, confirm a valid state license, and refuse any app that asks for an upfront "insurance" or "processing" fee before funding. If any one of those checks fails, stop. Don't upload your ID, and don't link a bank account.
I spent 22 years underwriting consumer loans at a credit union. I can tell you the people who got burned by fake loan apps were not careless. They were tired, or broke, or both, and the app looked just legitimate enough at 11 p.m. to justify tapping Continue. That is the whole business model.
Why fake loan apps are having a moment
The FTC's Consumer Sentinel data tagged $12.5 billion in reported fraud losses in 2024. Imposter scams ranked second by dollar loss. In January 2026 the FTC issued a fresh consumer alert about fake loan text scams: you get a text about an $8,000 loan you never applied for, you click, the "lender" has a slick app, and twenty minutes later you are handing over a driver's license scan and a Social Security number.
In February 2025, Check Point Research flagged an app called RapiPlata. It had been downloaded about 150,000 times across Google Play and the Apple App Store before anyone caught it. On first launch it grabbed SMS messages, call logs, and calendar data, then used that information to harass users for repayment. Both stores pulled it, but only after six figures of downloads.
Fakes are getting better. AI-generated reviews, cloned branding, and developer impersonation are now standard moves. The defense is still mostly manual, which means you have to do it yourself before you tap Install.
The 10 red flags
1. Upfront fees before you see a dollar
Any app that asks you to pay an "insurance fee," "processing fee," "collateral deposit," or "activation charge" before funding the loan is running an advance-fee scam. The FTC has a dedicated rule on this. It is illegal in the United States to guarantee a loan and demand payment before delivering it. Legitimate lenders deduct origination fees from the loan proceeds or roll them into the balance. They do not ask you to Zelle $199 to a random account first.
2. Guaranteed approval, no credit check, no questions
A real lender, even a subprime one, wants to know if you can pay the money back. That means some kind of underwriting: bank-account connection, paystub upload, soft credit pull. "Guaranteed approval for anyone" is marketing language from people who don't plan to lend you anything. They plan to collect your identity and disappear.
3. A text or call about a loan you never applied for
If the contact is unsolicited, you are the product, not the customer. The FTC's September 2025 alert on unsolicited loan calls spelled this out plainly. Forward spam texts to 7726 (SPAM) to report them to your carrier. Do not reply STOP. Do not click the link. A reply confirms the number is live, which raises its value on the list these scammers buy and trade.
4. FDIC or "government-backed" claims on a loan product
FDIC insurance covers deposits at insured banks. It does not cover loans. If a loan app claims to be "FDIC guaranteed" or "federally insured," that is a scam tell. The FDIC published a bank-impersonation resource in June 2025 specifically because these claims have spread so fast.
5. No state license number, or a number that fails NMLS lookup
Consumer lenders must be licensed in each state where they lend. Go to nmlsconsumeraccess.org. Search the company name. If nothing comes up, or if the license exists but doesn't cover your state, walk away. It takes about 90 seconds and costs nothing. I cannot stress this one enough. When I was still underwriting, this check alone would have saved a good chunk of the people who later came to me trying to unwind a scam.
6. Developer info that doesn't match the brand
Open the listing on the App Store or Google Play. Scroll to the developer name and the "first released" date. A legitimate lender with millions of users will have a developer entity that matches the company name (or its known parent), a release date going back years, and a portfolio of related apps. A scam clone typically shows:
- A developer name that is one letter off from a real brand ("Dave Inc" vs "Dave lnc" with a lowercase L).
- A first-release date within the last 90 days.
- One single app under the developer account.
- A website link that leads to a template page or a broken URL.
7. Permission requests that were banned years ago
Google Play's Personal Loans policy, expanded again in May 2025 to cover line-of-credit apps, forbids US loan apps from accessing your contacts, photos, precise location, external storage, call logs, or SMS. Apple applies similar restrictions through App Review Guideline 1.4.3. If an app asks for your contacts list or text messages during onboarding, that app is either outside the official stores or is about to be pulled. Either way, not your problem to carry.
8. Payment demanded via gift card, crypto, wire, or peer-to-peer
No legitimate US lender accepts loan payments in Amazon gift cards. No legitimate lender asks you to send $50 in Bitcoin to "verify" your account. No legitimate lender asks you to wire funds to a personal Zelle or Cash App handle. These payment rails are chosen because they are hard or impossible to reverse. That is the entire point.
9. A website that was born last month
Run the domain through a free WHOIS tool (whois.domaintools.com works). If the domain was registered within the last 90 days, that is not a deal-breaker on its own, but combined with anything else on this list it is decisive. Also check for a physical address. A real US consumer lender has a real mailing address, not a virtual mailbox, and not just a P.O. box with no company headquarters listed anywhere.
10. Time-pressured, aggressive sales
"Your funds expire in 15 minutes." "We need your SSN right now or the rate goes up." Repeated calls from three different numbers in an hour. That pressure exists because the scammer needs you to act before you think. Real lenders have queues and disclosures and three-day cooling-off periods. They don't panic you into uploading your ID.
Three verification tools every borrower should bookmark
- NMLS Consumer Access (nmlsconsumeraccess.org). Free, no login. Tells you whether a company is licensed and in which states.
- Your state regulator. Most states run a licensee search through the Department of Financial Institutions or the Department of Banking. Arizona uses the Department of Insurance and Financial Institutions. California uses the DFPI. Texas uses the OCCC. Ten seconds on Google gets you the right URL.
- The App Store or Google Play developer page itself. Before you install, tap the developer name at the bottom of the listing. Look at what else they make and when they started making it.
What to do if you already uploaded your ID
First, breathe. You are not the first, and this is fixable.
- Place a fraud alert with one of the three credit bureaus (Equifax, Experian, or TransUnion). They will propagate it to the other two.
- Consider a credit freeze. Free at all three bureaus. It blocks new accounts from being opened in your name.
- If you uploaded a driver's license, notify your state DMV. Most states can flag the ID number for suspicious activity.
- If you linked a bank account, call the bank, tell them the linkage was to a fraudulent app, and ask whether you need to close and reissue the account. Nine times out of ten, yes.
- File reports at ReportFraud.ftc.gov, with your state Attorney General's consumer-protection office, and with the CFPB at consumerfinance.gov/complaint.
- If you paid any money, report the transaction to the payment rail (Zelle, Cash App, the card network) and your bank immediately. Speed matters.
Legitimate vs. scam: a quick comparison
| Signal | Legitimate loan app | Likely scam |
|---|---|---|
| NMLS listing | Active, states match | Missing or mismatched |
| Developer first-release date | Multi-year history | Under 90 days old |
| Fees | Disclosed APR, deducted from proceeds | Upfront, paid by you before funding |
| Data permissions | Bank-account link via Plaid, camera for ID | Contacts, SMS, call logs, photos |
| Contact origin | You found them | They found you, via SMS or cold call |
| Payment rails | ACH, debit card | Gift card, crypto, wire, Zelle, Cash App |
When you are ready to install something you can trust, stick to apps with a verified App Store and Google Play listing and an active NMLS record.
Common questions from readers.
Short answers to the questions we get by email after this article publishes.
01 Is every loan app that's not in the App Store automatically a scam?
Not automatically, but close. Some legitimate apps ship through web-based "sideload" pages, especially for specific state licensing reasons. The problem is that the store review process is one of the only checks scammers cannot forge. If an app is only available as a direct APK download or a web-install link, treat that as a serious red flag and verify the lender through NMLS before proceeding.
02 How long does an NMLS lookup actually take?
About 90 seconds. Go to nmlsconsumeraccess.org, type the company name into the search bar, pick the right entity, and check the "Regulator Information" tab. You will see every state the company is licensed in, what type of license, and whether it is currently active. If the state where you live isn't listed, that company cannot legally lend to you.
03 What should I do with a loan-offer text I never asked for?
Do not reply, not even with STOP. Replying confirms the number is active, which raises its value on the spam list. Forward the message to 7726, which routes it to your carrier for investigation, then delete it. If you already clicked the link, run a malware scan on your phone and watch your bank accounts closely for the next 30 days.
04 Can a real lender ever ask for a fee before funding?
No. Under the FTC's advance-fee loan rule, it is illegal in the United States for a lender or broker to guarantee a loan and require payment before the loan is delivered. Legitimate origination fees are either deducted from the loan proceeds at disbursement or added to your balance and paid over the life of the loan, never collected up front via wire or gift card.
05 If I was scammed, will the FTC or CFPB recover my money?
Usually not directly. The FTC pursues civil penalties against scam operators and occasionally distributes redress to victims, but most scam funds are long gone by the time a case is filed. Your faster path to recovery is disputing the transaction with your bank or card network within 60 days, and in some cases filing a police report to support the dispute.
Related guides
The True Cost of Loan Apps: APR vs. Origination Fees vs. Subscription Fees in 2026
Are Loan App Subscription Fees Worth It? The Break-Even Math on Brigit, Dave, Tilt, and MoneyLion
