publishing date icon
December 29, 2021
read time icon
5 min. read

Loan scam emails

This week's Off the Hook topic is loan scams. Even though they have been popular amongst scammers since long before the pandemic, these difficult times have raised the number of people falling for them. Obtaining a loan can often be difficult, but even more so in times like these with so many seeking desperately needed financial relief. However, not all loan offers are made with your best interest in mind, and some might turn out to be a scam.

Post hero image

Table of contents

share this post

When the global pandemic fell on us in the beginning of 2020, many businesses immediately faced financial crisis. When everything shuts down it’s safe to say that business won’t run as usual.  Businesses and individuals alike raced to secure financial security from a variety of lenders, traditional banks and otherwise.

Cyber criminals naturally wanted a piece of the action. And make no mistake, the global pandemic gave them no ethical hesitation. Fundamentally lacking ethics, malicious actors did the opposite and redoubled their criminal efforts. Crises to them equals opportunity, and misery fuels their drive to turn desperation into dollars.

In this post we have gathered a few examples of loan scams to show you what they look like and how they work. Let’s have a look:

Loan scam phishing email example

In typical loan scams, we see the attacker emailing a loan offer that often sounds suspiciously good. The rates are promising and repayment time is mercifully long. The processing time is extremely fast and the money will be in your bank account in the blink of an eye. Sounds almost too good to be true? Well, that’s because it is.

In these loan scams, also known as advanced fee loan scams, the attacker’s goal is to offer a low interest loan for the victim and get them to pay a fee in advance of the exchange. Of course the loan doesn’t actually exist and the attacker’s agenda is only to get paid. The upfront payment is usually disguised as something like a processing or application fee. In short, the idea is to pay to get service.

Loan scams come in many different shapes. Some are better than others, and some are extremely clumsy. In the better versions, the so-called lender has registered a domain for a fake loan service and in some cases even created a website for the fraudulent business. The clumsy ones on the other hand often send their fake loan offers from accounts like gmail.com and outlook.com. Email accounts ending like that are usually personal email addresses, not business addresses. Legitimate loan provider services would never contact their possible customers through personal email addresses. These clumsy loan scams are  common; we see them pretty much daily. They require little investment as the idea is to send it to as many people as possible and hope that someone takes the bait.

Here’s another example:

Loan scam phishing email example 2: generic domains


In this example the attacker had registered a domain called “kreditinvestlltd.com” for the fake loan provider. The registered domains usually use common generic finance terms like “credit” and “invest.” This helps dupe the victim, and it’s harder to Google the company when general terms are being used.

As we can see from the above example, loan fraudsters lure their victims with large sums of money. When a person in a desperate state (or in desperate times like the global pandemic) receives such an email, they may unfortunately act upon it. Attackers use psychological methods and they know which buttons to press to get what they want. The golden rule to stay safe is that if something seems too good to be true, it probably is!

Here’s a few tips to stay off the hook:

  • Check the sender domain: is the email coming from a personal email address or a legit company? (Note! Be careful, the addresses can be spoofed!)
  • Check for grammar and spelling errors, which are very common in phishing emails
  • Do not accept loan offers that arrive in your email unexpectedly
  • Contact your bank for advice if you have problems with your finances
  • Trust your instinct; If something seems suspicious, it probably is and you should not act upon it!

Once again, stay safe everyone!

Explore more phishing examples

Hoxhunt response

Our Threat Analysis Team examines tens of thousands of reported phishing emails, including ones like these, a week–and have captured tens of millions of threats to date. Working together with our powerful machine learning model, they cluster the threats, rate them, and incorporate the nasty ones into our training simulations in real time to ensure our training stays at the cutting edge of the constantly-evolving threat landscape. Hoxhunt users are thus drilled on spotting and reporting the latest actual threats making the rounds, removing potentially catastrophic threats from your system with every push of the Hoxhunt reporting button. Read more to learn how to equip your employees with the awareness training that will protect your company from phishing scams.


Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.