A man in Ohio whose Chapter 7 was discharged on a Friday told me his inbox looked different by Monday. Twelve emails offering personal loans of $5,000 to $25,000. Two text messages. A voicemail from a 1-800 number. He had not signed up for anything. He had filed bankruptcy, and his name and a rough credit profile had been bought, sold, and dropped onto somebody's outreach list before the courthouse PDF was a week old.
This is the wave. It hits hardest after a bankruptcy filing, a hard-pull denial, a payday-loan inquiry, or a data breach that included your contact details. The Federal Trade Commission's Consumer Sentinel Network logged 6.5 million consumer fraud reports in 2024, and consumers reported losing $12.5 billion, a 25% jump over 2023 and the highest figure on record. Imposter scams alone (the category that captures most fake-lender pitches) accounted for $2.95 billion in reported losses. You are not paranoid. The volume is real.
The good news: real scam pitches commit the same federal violations on repeat, and you can learn the pattern in about ten minutes. Here are the six red flags that show up in the first email, why each one is illegal or non-compliant, and how to verify a real lender before you reply.
Why bankruptcy filings and credit denials trigger a wave of outreach
Bankruptcy court filings are public records. Credit denials produce data trails (a hard inquiry on your file, an adverse action notice in your mailbox) that lead generators, legitimate and otherwise, monitor and resell. The legitimate side runs through licensed marketers who comply with the FCRA's prescreen rules and the Telemarketing Sales Rule. The illegitimate side does not bother. Both sides know your file just got distressed, and both move fast. Our piece on a realistic year-one borrowing plan after Chapter 7 covers the post-discharge pattern in detail.
You can blunt the volume (more on that below). You cannot stop it entirely. So the move is pattern recognition.
The six red flags
1. Upfront fees of any kind
Any pitch that asks you to send a "processing fee," "insurance fee," "good-faith deposit," or "loan release fee" before the loan funds is a scam. This is not a soft warning, it is a hard rule.
The Telemarketing Sales Rule at 16 CFR 310.4(a)(4) makes it illegal for telemarketers to demand a fee in advance of obtaining or arranging a loan or other extension of credit. Section 5 of the FTC Act prohibits unfair and deceptive acts in commerce, and false loan promises with upfront fees fall squarely inside that prohibition. The CFPB has parallel authority under the Consumer Financial Protection Act to pursue UDAAP violations.
Real lenders deduct origination fees from the loan proceeds. They do not ask you to wire money first. (For how that disclosure is supposed to look on a real offer, see our walkthrough of how to read a personal loan disclosure box the way a regulator does.) If a fee shows up before the funding does, the pitch is a scam, full stop.
2. Payment demanded by gift card, wire, crypto, or payment app
The FTC's consumer guidance on advance-fee loans is direct: legitimate lenders never ask for payment by gift card, wire transfer, cryptocurrency, or peer-to-peer payment app. These channels are favored by scammers because the money is hard or impossible to recover.
The Ohio reader I mentioned had a follow-up call where the "lender" said he needed $400 in Apple gift cards as "collateral verification." Apple gift cards are not collateral. They are a mechanism to extract value with no chargeback rights. The instant a request for any of those payment methods appears, the pitch is over.
3. Guaranteed approval, with no underwriting questions
The FTC explicitly flags phrases like "guaranteed approval" and similar promises as scam markers. No real lender guarantees approval before reviewing your application, because federal fair-lending and risk rules require underwriting. ECOA, FCRA, and the lender's own pricing model exist precisely so the lender can decide whether and at what rate to extend credit.
If an email tells you you are approved without ever asking about your income, employment, debt, or identity, the email is selling something other than a loan, often a fee, often a data harvest.
4. Pressure on a same-day or hours-only window
"This rate expires in 4 hours." "Sign today or lose your slot." "We can only hold your funds until midnight." Scammers compress decision time because they know hesitation kills the pitch. Real lenders give you time to read the disclosure box, ask questions, and walk away. The Truth in Lending Act assumes you will. State AGs treat artificial urgency as a UDAP marker on its own.
5. Lookalike domains and free email senders
The CFPB and state regulators routinely warn that scam emails impersonate real lenders by using slightly altered domains. The pattern: a familiar lender name, but the domain is off by a hyphen, an extra letter, or a top-level swap (.support instead of .com, for example). Or the sender uses a free email service (gmail, outlook, proton) for a "loan officer." Real lenders use their own domains.
I am not reproducing actual scam domains here, because doing so creates a phishing template. The point is structural: hover over the sender address before you do anything else. If the domain doesn't exactly match the lender's official site, treat the email as hostile.
6. Requests for SSN or bank login through unsecured channels
A real lender will ask for your SSN and bank credentials, but inside an HTTPS application flow on its own domain, with vendors like Plaid handling the bank-account connection through a tokenized link. (Our piece on how online personal loan underwriting works walks through where each handoff happens in a legitimate flow.) A real lender will not ask you to email or text your SSN, photograph your debit card, or share your online-banking password.
The variant that catches sophisticated readers off guard: a scammer who already has some of your data (the name, the loan amount you previously applied for, the last four of your SSN, even your employer) uses it to build trust, then asks for the rest. "They knew my information" is not a legitimacy signal in 2026. Breach data and lead lists are cheap. The verification has to come from your side, not theirs.
How to verify a real lender in 90 seconds
Before you reply to any unsolicited loan pitch, run this sequence:
- Search the lender's name on NMLS Consumer Access. Most non-bank consumer lenders are licensed at the state level and listed there.
- Cross-check with your state's banking regulator or department of financial institutions. Every state has one, and most maintain a license lookup tool.
- Search the CFPB Consumer Complaint Database at consumerfinance.gov/complaint. Real lenders show up. So do their complaint patterns.
- Check the BBB record for accreditation, complaints, and how the company responded.
- Type the lender's name and "scam" or "complaints" into a search engine. Real fraud rings show up in state AG press releases and consumer threads quickly.
If a "lender" cannot be found in any of those databases, that is not a quirk. That is the answer.
What to do if you already paid
If you sent gift card numbers, call the issuer (Apple, Google Play, Amazon, Target, whichever) immediately. Recovery is rare but not impossible if the cards have not been redeemed. Save the receipts.
If you wired money, call your bank. Domestic wires can sometimes be recalled within hours; international wires almost never. File a formal recall request anyway and get the case number.
If you paid via ACH or debit card, dispute the transaction with your bank under Regulation E. Move quickly; the strongest consumer protections require notice within 60 days of the statement.
Then file the reports. ReportFraud.ftc.gov is the federal intake. The CFPB at consumerfinance.gov/complaint is the right venue for anything involving a financial company. Your state attorney general has authority under state UDAP statutes; some states (New York General Business Law 349, for example) provide a private right of action with statutory damages. The FBI's IC3 internet crime complaint center handles internet-enabled fraud over a reporting threshold.
How to stop the wave
You cannot make yourself invisible, but you can shrink the surface area.
- Opt out of credit-bureau prescreen offers at OptOutPrescreen.com. This is the official site authorized by the FCRA. The five-year opt-out is free; the permanent opt-out requires a signed form.
- Register with the National Do Not Call Registry at donotcall.gov. It does not stop scam callers, but it makes legitimate telemarketing calls illegal and gives you a basis for an FTC complaint.
- Add your state's do-not-call list where one exists.
- Use a credit freeze at all three bureaus. It is free, and it stops new-account fraud cold. You can lift it temporarily when you are actually shopping for credit.
What real lenders actually do
Real personal lenders deliver a Truth in Lending disclosure before you sign. They run a soft pull at prequalification and a hard pull at application. They send you an adverse action notice within 30 days if they deny you, with up to four specific reasons and the credit reporting agency they used. (Our piece on your rights when a lender denies you walks the letter line by line.) They do not ask for gift cards. They do not promise approval before underwriting. They do not pressure you to sign in three hours.
If a pitch in your inbox does not match that profile, the pitch is not a loan offer. Treat it accordingly, verify before you respond, and report it once you have walked away.
Frequently Asked Questions
How can I tell if a personal loan offer is a scam?
Check for upfront fees, demands for gift cards or wires, promises of approval before underwriting, artificial urgency, lookalike or free-email sender addresses, and requests for sensitive data through unsecured channels. Any one of those is a serious red flag; two or more is a confirmed scam.
Are upfront fees on a personal loan ever legal?
Origination fees are legal when they are disclosed in the Truth in Lending box and deducted from the loan proceeds at funding. Fees you are asked to send before the loan funds, by wire, gift card, or app, are prohibited under the Telemarketing Sales Rule (16 CFR 310.4) and Section 5 of the FTC Act.
Why am I getting loan offers right after my Chapter 7 discharge?
Bankruptcy filings are public records, and credit data tied to your file gets monitored and resold to legitimate prescreen marketers and to scam operators. Opting out at OptOutPrescreen.com reduces the legitimate volume; the scam volume requires you to verify each lender before responding.
Is it safe to share my SSN with a lender online?
It is safe with a verified, licensed lender inside its HTTPS application flow on its own domain. It is not safe in an email, text message, or through a link sent in an unsolicited message. Verify the lender on NMLS Consumer Access and your state regulator's site first.
What if a "lender" already has my correct personal information?
Treat that as a neutral fact, not a credibility signal. Breach data and purchased lead lists routinely contain SSN fragments, employers, prior loan amounts, and contact details. Verification has to come from your side: license lookup, complaint database, official domain.
Where do I report a personal loan scam?
File at ReportFraud.ftc.gov, the CFPB at consumerfinance.gov/complaint, and your state attorney general's office. Internet-enabled fraud can also be reported to the FBI at ic3.gov.