Legal Steps After Identity Theft from Online Loan Scams

I. Introduction

Identity theft linked to online loan scams has become a serious problem in the Philippines. Victims often discover the fraud only after receiving collection calls, threats, messages from supposed lenders, notices of unpaid loans, or harassment directed at their relatives, co-workers, and social media contacts. In many cases, the victim never borrowed money at all. Instead, a scammer used the victim’s personal information, government IDs, selfie photos, mobile number, online banking details, e-wallet account, or contact list to apply for loans, open accounts, or intimidate the victim into paying.

Online loan scams may involve fake lending apps, unregistered lending companies, phishing links, impersonation of legitimate lenders, SIM-based fraud, e-wallet takeover, hacked social media accounts, or unauthorized use of IDs. The legal response must be both immediate and strategic: preserve evidence, stop further misuse, report to the right agencies, dispute the fraudulent debt, protect one’s credit record, and consider civil or criminal remedies.

This article discusses the legal steps available in the Philippine context after identity theft from online loan scams.


II. What Counts as Identity Theft in an Online Loan Scam?

Identity theft happens when another person uses someone’s identifying information without authority, usually to obtain money, credit, services, access, or some other benefit. In online loan scams, the stolen information may include:

  1. Full name, address, date of birth, and contact number;
  2. Government-issued IDs, such as a passport, driver’s license, UMID, SSS, GSIS, PhilSys ID, PRC ID, or postal ID;
  3. Tax Identification Number, SSS number, PhilHealth number, or other personal reference numbers;
  4. Selfie photos, video verification clips, and electronic signatures;
  5. Bank account or e-wallet details;
  6. SIM card details, OTPs, passwords, PINs, and recovery codes;
  7. Social media profile information;
  8. Contact lists copied from a phone by a suspicious lending app;
  9. Employment details, payslips, company ID, or payroll account information.

In a typical scam, the fraudster may apply for a loan under the victim’s name, use the victim’s phone number or ID, submit manipulated documents, or use a lending app that harvests the victim’s contacts. Sometimes the victim actually applied for a small loan, but the app then misused the victim’s data, charged excessive fees, or harassed the victim and contacts. Both situations can raise legal issues.


III. Main Philippine Laws That May Apply

Several Philippine laws may be relevant, depending on the facts.

1. Cybercrime Prevention Act

The Cybercrime Prevention Act may apply when identity theft, fraud, threats, illegal access, phishing, or computer-related fraud is committed through the internet, mobile apps, social media, electronic communications, or digital systems.

Possible cybercrime issues include:

  1. Unauthorized use of identity online;
  2. Computer-related fraud;
  3. Illegal access to accounts;
  4. Misuse of electronic data;
  5. Online threats, coercion, or extortion;
  6. Cyber libel, if false and defamatory statements are sent or posted;
  7. Use of fake accounts, phishing pages, or fraudulent messages.

Where the scam involves electronic documents, digital messages, online loan applications, or hacked accounts, cybercrime authorities may be involved.

2. Revised Penal Code

The Revised Penal Code may apply to traditional criminal offenses committed through the scam, including:

  1. Estafa or swindling, when deceit is used to obtain money or property;
  2. Falsification, when documents, signatures, IDs, or electronic records are falsified;
  3. Grave threats or unjust vexation, depending on the nature of harassment;
  4. Coercion, when a person is forced to do something against their will;
  5. Slander or libel, depending on whether defamatory accusations are spoken, written, or published;
  6. Usurpation or false representation, depending on the facts.

If collectors falsely accuse a victim of being a criminal, post humiliating content, threaten to expose private information, or contact employers and relatives with false claims, additional criminal or civil remedies may arise.

3. Data Privacy Act

The Data Privacy Act is central when personal information is collected, processed, shared, stored, or disclosed without lawful basis. It may apply to online lending apps, collection agents, data brokers, and other entities that mishandle personal data.

Relevant issues may include:

  1. Unauthorized collection of personal data;
  2. Excessive collection of contacts, photos, files, or device data;
  3. Unauthorized disclosure to relatives, co-workers, employers, or social media contacts;
  4. Failure to secure personal information;
  5. Processing data for harassment or intimidation;
  6. Refusal to correct or delete inaccurate personal data;
  7. Failure to respond to a data subject request.

Victims may complain to the National Privacy Commission when a lender, app, collector, or other entity misuses their personal information.

4. Lending Company Regulation Act and SEC Rules

Online lending companies and financing companies are regulated. Lending businesses generally must be properly registered and must comply with rules on disclosure, fair collection, corporate registration, and consumer protection.

The Securities and Exchange Commission may be relevant when:

  1. The online lender is unregistered;
  2. The lending app operates under a revoked or suspended registration;
  3. The lender uses abusive collection practices;
  4. The lender misrepresents its authority to operate;
  5. The company fails to disclose loan terms properly;
  6. The company engages in unfair, deceptive, or fraudulent conduct.

A victim should check whether the lender or app is registered, whether its certificate of authority is valid, and whether it has been the subject of SEC advisories or enforcement action.

5. Financial Consumer Protection Rules

If a bank, e-wallet, payment service provider, financing company, or lending company is involved, financial consumer protection rules may apply. Victims may file complaints with the relevant regulator, such as the Bangko Sentral ng Pilipinas for banks, e-wallets, payment institutions, and certain financial service providers.

These complaints may involve:

  1. Unauthorized transactions;
  2. Account takeover;
  3. Failure to assist with fraud reports;
  4. Mishandling of complaints;
  5. Failure to reverse or investigate disputed charges;
  6. Weak security practices;
  7. Improper collection or reporting of disputed debt.

6. SIM Registration and Telecommunications Issues

Because many scams involve mobile numbers, OTPs, and messaging apps, victims may need to coordinate with their telecommunications provider. If a SIM is lost, compromised, fraudulently registered, or used for scams, the victim should report it quickly and ask for blocking, replacement, or verification of account activity.


IV. Immediate Steps: What the Victim Should Do First

1. Preserve All Evidence

The most important first step is to preserve evidence before messages disappear, accounts are deleted, or apps are removed. Save:

  1. Screenshots of loan app pages, account dashboards, messages, threats, calls, and payment demands;
  2. SMS, Viber, Messenger, WhatsApp, Telegram, email, and social media messages;
  3. Caller numbers, dates, times, and call logs;
  4. Names used by collectors or agents;
  5. Links, app names, websites, and social media pages;
  6. Proof that the victim did not apply for or receive the loan;
  7. Bank and e-wallet transaction records;
  8. Any loan agreement, disclosure statement, promissory note, or alleged application form;
  9. Copies of IDs that may have been compromised;
  10. Screenshots of defamatory posts or messages sent to contacts;
  11. Statements from relatives, friends, co-workers, or employers who received harassment.

Do not rely only on the phone where the scam occurred. Back up evidence to cloud storage, an external drive, or email. Keep original files when possible because metadata may matter.

2. Write a Chronology

Prepare a written timeline. Include:

  1. When the victim first discovered the identity theft;
  2. How the scam started;
  3. What personal information may have been exposed;
  4. Which accounts were affected;
  5. Which lenders, apps, collectors, or numbers contacted the victim;
  6. Whether money was lost;
  7. Whether a fake loan was created;
  8. Whether relatives, employers, or contacts were harassed;
  9. What reports have already been filed.

A clear chronology helps police, regulators, banks, and lawyers understand the case.

3. Secure Digital Accounts

Immediately secure all affected accounts:

  1. Change passwords for email, e-wallets, banking apps, social media, and cloud storage;
  2. Turn on two-factor authentication;
  3. Log out of all devices;
  4. Revoke unknown app permissions;
  5. Remove suspicious browser extensions;
  6. Check account recovery emails and phone numbers;
  7. Replace compromised passwords, especially if reused;
  8. Report hacked accounts to platforms;
  9. Scan devices for malware;
  10. Avoid clicking any more links from the supposed lender or collector.

Email security is especially important because email often controls password resets for banks, e-wallets, social media, and government accounts.

4. Contact Banks, E-Wallets, and Payment Providers

If financial accounts were involved, immediately notify the bank, e-wallet, or payment provider. Ask them to:

  1. Freeze or restrict compromised accounts if necessary;
  2. Investigate unauthorized transactions;
  3. Block suspicious recipients;
  4. Issue a new card, account, or credentials if needed;
  5. Provide a written reference number for the fraud report;
  6. Preserve transaction logs;
  7. Confirm whether any loan proceeds entered the victim’s account.

Submit a written dispute, not just a phone complaint. Keep the reference number and copies of all communications.

5. Contact the Telco

If the victim’s SIM, mobile number, or OTPs were compromised, contact the telecommunications provider. Ask for:

  1. SIM blocking or replacement;
  2. Account verification;
  3. Records of SIM changes, if available;
  4. Help preventing an unauthorized SIM swap;
  5. A report reference number.

If a fraudster used a different number while pretending to be the victim, report that number as well.


V. Reporting to Law Enforcement

1. Philippine National Police Anti-Cybercrime Group

The PNP Anti-Cybercrime Group may receive complaints involving online fraud, identity theft, phishing, hacking, online threats, and other cyber-related offenses.

A report should include:

  1. Valid government ID of the complainant;
  2. Affidavit or written complaint narrative;
  3. Screenshots and printouts of messages;
  4. URLs, app names, email addresses, and phone numbers;
  5. Bank or e-wallet records;
  6. Names of suspects, if known;
  7. Details of any fake loan account;
  8. List of witnesses who received harassment;
  9. Proof of damage or loss.

The victim should ask for a copy of the complaint, blotter, certification, or reference number.

2. National Bureau of Investigation Cybercrime Division

The NBI Cybercrime Division may also investigate cyber fraud, identity theft, hacking, phishing, and online extortion. Victims may file a complaint with supporting documents and digital evidence.

In more serious cases involving large financial loss, organized scam networks, or repeated harassment, victims may consider seeking assistance from both law enforcement and private counsel.

3. Local Police Blotter

A local police blotter may be useful, especially when:

  1. The victim needs a record for banks or lenders;
  2. There are threats of physical harm;
  3. Collectors visit the home or workplace;
  4. The victim wants immediate documentation;
  5. The case may later be referred to cybercrime authorities.

A blotter is not the same as a full criminal case, but it can help establish that the victim promptly reported the incident.


VI. Reporting to Regulators and Agencies

1. National Privacy Commission

A complaint to the National Privacy Commission may be appropriate when personal data was misused, disclosed, harvested, or processed without consent or lawful basis.

Common NPC-related complaints include:

  1. Lending apps accessing contact lists without proper basis;
  2. Collectors messaging relatives or co-workers;
  3. Public shaming or threats to disclose personal information;
  4. Refusal to delete or correct inaccurate data;
  5. Unauthorized use of ID documents;
  6. Failure to protect personal data;
  7. Excessive collection of personal information.

Before filing, it is often useful to send a written request or complaint to the company’s Data Protection Officer, if known. Ask for correction, deletion, restriction of processing, and an explanation of where the data came from.

2. Securities and Exchange Commission

The SEC is relevant for complaints against lending companies, financing companies, and online lending platforms. A complaint may raise:

  1. Unregistered lending activity;
  2. Abusive collection practices;
  3. Misrepresentation;
  4. Use of unauthorized or misleading app names;
  5. Failure to disclose loan terms;
  6. Harassment by collection agents;
  7. Use of threats, shame, or false accusations.

Victims should attach screenshots, app details, company names, phone numbers, and proof that the loan is fraudulent or disputed.

3. Bangko Sentral ng Pilipinas

The BSP may be relevant if the issue involves banks, e-wallets, electronic money issuers, remittance companies, payment system operators, or other BSP-supervised financial institutions.

A complaint may involve:

  1. Unauthorized transfers;
  2. E-wallet account takeover;
  3. Bank account compromise;
  4. Failure to resolve a fraud report;
  5. Mishandling of consumer complaints;
  6. Improper freezing, reporting, or charging.

The victim should first file a complaint with the financial institution and obtain a reference number. If unresolved, the matter may be escalated.

4. Credit Information and Credit Bureaus

If a fraudulent loan appears in credit records, the victim should dispute it. The victim should ask the alleged lender to confirm in writing whether it reported the account to any credit bureau or credit information system.

The victim should request:

  1. Deletion or correction of the fraudulent account;
  2. Written confirmation that the debt is disputed;
  3. Written confirmation that the victim is not liable;
  4. Correction of any adverse credit reporting;
  5. Copies of documents allegedly used to open the loan.

A police report, affidavit of denial, and regulator complaints may support the dispute.


VII. How to Dispute a Fraudulent Online Loan

A victim should not ignore a fake loan, but also should not admit liability. The safest approach is to dispute the debt in writing.

The dispute letter should state:

  1. The victim denies applying for, authorizing, or receiving the loan;
  2. The victim believes their identity was misused;
  3. The victim demands copies of the alleged loan application, contract, ID, selfie verification, IP address logs, device data, disbursement records, and account details;
  4. The victim demands immediate suspension of collection activity while the dispute is investigated;
  5. The victim demands correction or deletion of inaccurate data;
  6. The victim demands that the company stop contacting third parties;
  7. The victim reserves all rights under criminal, civil, consumer protection, and data privacy laws.

The letter should be sent by email and, when possible, by registered mail or courier. Keep proof of sending.

Sample Dispute Language

A victim may write:

“I deny having applied for, authorized, received, or benefited from the alleged loan. I believe my personal information was used without my consent. I demand that your company immediately suspend all collection activity, preserve all records, provide copies of all documents and logs allegedly supporting the loan, stop contacting third parties, and correct or delete any inaccurate personal or credit information concerning me.”

Do not say, “I will pay later,” “I borrowed but cannot pay,” or “Please lower the amount,” if the position is that the loan is fraudulent. Such statements may be used as an implied admission.


VIII. What to Do If Collectors Harass Family, Friends, or Employers

Harassment is common in online loan scams. Collectors may call or message contacts, accuse the victim of being a fraudster, threaten public shame, send edited photos, or claim that relatives are legally responsible.

The victim should:

  1. Tell contacts not to pay anything;
  2. Ask contacts to screenshot all messages;
  3. Record the date, time, number, and content of every contact;
  4. Send a cease-and-desist demand to the company or collector, if identifiable;
  5. Report privacy violations to the NPC;
  6. Report abusive lending or collection practices to the SEC;
  7. Report threats, extortion, or cyber libel to law enforcement;
  8. Inform the employer or HR department that the matter is identity theft and is being disputed.

Relatives and co-workers generally do not become liable for another person’s debt merely because they are listed as contacts. If they did not sign as co-makers, guarantors, or sureties, they should not be treated as debtors.


IX. Should the Victim Pay the Alleged Loan?

If the loan is truly fraudulent and the victim did not apply for it, authorize it, or receive the proceeds, payment can create problems. It may be interpreted as recognition of the debt or may encourage further extortion.

However, some victims pay under pressure to stop harassment. If payment was made under intimidation, the victim should document the circumstances, preserve proof of payment, and consult a lawyer regarding recovery or criminal complaints.

As a general rule:

  1. Do not pay a debt that is not yours without legal advice;
  2. Do not negotiate as if the debt is valid if your position is identity theft;
  3. Do not provide new IDs or selfies to suspicious collectors;
  4. Do not click payment links from unknown senders;
  5. Do not agree to confidentiality terms that waive your rights without advice.

X. Affidavit of Denial or Affidavit of Identity Theft

An affidavit can be useful for banks, e-wallets, regulators, police, employers, and lenders. It should contain:

  1. The victim’s identity and address;
  2. A statement that the victim did not apply for or authorize the loan;
  3. A description of how the victim discovered the fraud;
  4. The personal information believed to be compromised;
  5. The names of apps, lenders, numbers, or accounts involved;
  6. A statement that the victim did not receive or benefit from the loan proceeds, if true;
  7. A list of reports filed;
  8. A request for investigation and correction of records;
  9. Attached evidence.

The affidavit should be notarized if it will be submitted formally.


XI. Civil Remedies

Depending on the facts, the victim may have civil remedies against scammers, abusive collectors, negligent companies, or entities that mishandled personal data.

Possible civil claims may include:

  1. Damages for injury to reputation;
  2. Damages for emotional distress or anxiety;
  3. Damages for financial loss;
  4. Recovery of money paid under fraud, intimidation, or mistake;
  5. Injunction or court order to stop harassment;
  6. Correction or deletion of records;
  7. Liability for negligent data handling.

Civil action is more practical when the responsible company or individuals can be identified and have assets. If the perpetrators are anonymous scammers, criminal investigation and regulator complaints may be more realistic first steps.


XII. Criminal Remedies

A criminal complaint may be appropriate where there is evidence of:

  1. Use of stolen identity;
  2. Falsified documents;
  3. Fraudulent loan application;
  4. Unauthorized access to accounts;
  5. Phishing;
  6. Extortion;
  7. Threats;
  8. Cyber libel;
  9. Harassment using electronic communications;
  10. Organized scam activity.

The complaint should be supported by an affidavit, screenshots, transaction records, phone numbers, URLs, account names, and witness statements.

In the Philippines, criminal prosecution generally requires formal complaint preparation, investigation, and filing before the proper office. A lawyer can help frame the correct offenses and organize evidence.


XIII. Dealing with Defamation and Public Shaming

Some online lenders or scammers threaten to post the victim’s photo, ID, or edited images online. Others message contacts saying the victim is a thief, scammer, or fugitive.

This may raise issues involving:

  1. Cyber libel;
  2. Data privacy violations;
  3. Unjust vexation;
  4. Threats;
  5. Harassment;
  6. Civil damages for reputational harm.

The victim should screenshot defamatory posts immediately, including the URL, username, date, time, and visible comments or shares. If the content is in a private group or chat, ask recipients to preserve it and provide statements.

Do not respond emotionally online. A short written denial and notice that the matter is identity theft may be appropriate, but hostile exchanges can complicate the case.


XIV. What Evidence Is Most Useful?

Strong evidence includes:

  1. Police or NBI report;
  2. Affidavit of denial or identity theft;
  3. Screenshots of threats and demands;
  4. Proof that no loan proceeds entered the victim’s account;
  5. Bank or e-wallet statements;
  6. Copy of the alleged loan documents, if obtained;
  7. Proof that the lending company is unregistered or subject to complaints;
  8. Witness screenshots from contacts who were harassed;
  9. App permissions showing access to contacts, photos, or files;
  10. Email headers, phone numbers, URLs, and account identifiers;
  11. Credit report showing the fraudulent account;
  12. Regulator complaint reference numbers.

Organize evidence by date. Use file names such as “2026-06-02 SMS threat from 09xxxxxxxxx.png” so investigators can follow the sequence.
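
The following is an added example, not part of the original article, for the advice in sections IV and XIV to keep original files intact and order evidence by date. It reads a folder of evidence without modifying it, sorts files by the date in the file name, and records a SHA-256 hash so later changes can be detected; the hashing step, the manifest columns, and the sample files are assumptions constructed for illustration.

```python
import csv
import hashlib
import io
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Naming convention suggested in the article: "YYYY-MM-DD description.ext"
NAME_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+)\.\w+$")
FIELDS = ["incident_date", "file", "size_bytes", "modified_utc", "sha256"]


def sha256_file(path):
    """Hash a file in chunks. Opened read-only, so the original is never altered."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def incident_date(filename):
    """Return the leading date of a file name, or "" if absent or not a real date."""
    match = NAME_RE.match(filename)
    if not match:
        return ""
    try:
        datetime.strptime(match.group(1), "%Y-%m-%d")
    except ValueError:
        return ""
    return match.group(1)


def build_manifest(evidence_dir):
    """List every file under evidence_dir, dated files first in date order."""
    root = Path(evidence_dir)
    rows = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        stat = path.stat()
        modified = datetime.fromtimestamp(stat.st_mtime, timezone.utc)
        rows.append({
            "incident_date": incident_date(path.name),
            "file": path.relative_to(root).as_posix(),
            "size_bytes": stat.st_size,
            "modified_utc": modified.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "sha256": sha256_file(path),
        })
    # Undated files sort last so they stand out for renaming.
    rows.sort(key=lambda r: (r["incident_date"] == "", r["incident_date"], r["file"]))
    return rows


def to_csv(rows):
    """Render the manifest as CSV text, to be stored outside the evidence folder."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def verify_manifest(evidence_dir, rows):
    """Return (file, problem) pairs for files missing or changed since the manifest."""
    root = Path(evidence_dir)
    problems = []
    for row in rows:
        path = root / row["file"]
        if not path.is_file():
            problems.append((row["file"], "missing"))
        elif sha256_file(path) != row["sha256"]:
            problems.append((row["file"], "modified"))
    return problems


def make_sample_dir():
    """Create a temporary folder of constructed sample files (not real evidence)."""
    root = Path(tempfile.mkdtemp(prefix="evidence_"))
    samples = {
        "2026-06-02 SMS threat from 09xxxxxxxxx.png": b"constructed screenshot bytes",
        "2026-06-01 collector call log.txt": b"constructed call log",
        "IMG_0001.png": b"constructed screenshot without a dated name",
    }
    for name, data in samples.items():
        (root / name).write_bytes(data)
    return root


if __name__ == "__main__":
    folder = make_sample_dir()
    manifest = build_manifest(folder)
    print(to_csv(manifest))
    print("Problems found:", verify_manifest(folder, manifest))
```

Keep the resulting CSV with the backup copies rather than inside the evidence folder, and rerun the verification before handing files to investigators or counsel.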


XV. Data Subject Rights: What the Victim Can Demand

Under Philippine data privacy principles, a victim may demand that a company explain, correct, restrict, or delete personal data in appropriate cases.

The victim may ask:

  1. What personal data do you have about me?
  2. Where did you obtain it?
  3. What lawful basis do you claim for processing it?
  4. Who have you shared it with?
  5. Did you access my contacts?
  6. Did your agents message third parties?
  7. What documents were used to approve the loan?
  8. What device, IP address, or number was used?
  9. Have you reported this alleged debt to a credit bureau?
  10. Will you correct or delete the fraudulent record?

If the company refuses to respond, gives evasive answers, or continues harassment, that may strengthen a complaint to the National Privacy Commission or other authorities.


XVI. If the Victim Actually Installed a Loan App

Some cases begin with the victim installing a loan app, perhaps to check eligibility or borrow a small amount. The app may then access contacts, photos, messages, or device data. The victim should:

  1. Screenshot app permissions;
  2. Check whether the app remains available in app stores;
  3. Record the developer name and company name;
  4. Preserve the loan terms displayed;
  5. Save all collection messages;
  6. Revoke app permissions;
  7. Uninstall only after preserving evidence;
  8. Change passwords if the app had suspicious access;
  9. Warn contacts that they may receive messages;
  10. File complaints if the app misused personal data or engaged in abusive collection.

Even if the victim borrowed money, lenders and collectors are not free to harass, shame, threaten, or unlawfully disclose personal information.


XVII. If the Victim Never Installed Any App or Applied for Any Loan

If the victim had no relationship with the lender, the case is stronger as pure identity theft. The victim should emphasize:

  1. No application was made;
  2. No consent was given;
  3. No loan proceeds were received;
  4. No contract was signed;
  5. No authority was given to use the victim’s ID;
  6. Any documents or selfies used were stolen, altered, or unauthorized.

The victim should demand proof from the alleged lender. If the lender cannot produce credible proof, it should stop collection and correct records.


XVIII. If an Employer Is Contacted

Collectors sometimes call or message the victim’s workplace. This can cause embarrassment or employment risk. The victim should act quickly:

  1. Inform HR or a supervisor that the matter involves identity theft or a disputed loan;
  2. Provide a short written explanation;
  3. Ask the employer not to disclose employment details to callers;
  4. Ask that calls or messages be documented;
  5. Include workplace harassment in complaints to regulators and law enforcement.

The employer should not discipline an employee merely because of unverified collection messages. However, the victim should manage the situation calmly and provide documentation.


XIX. Protecting Credit Standing

A fraudulent loan can damage creditworthiness. The victim should:

  1. Ask the lender whether it reported the loan;
  2. Request correction or deletion of false records;
  3. Check available credit reports;
  4. Submit a dispute to the credit bureau or credit information system;
  5. Attach police reports and affidavits;
  6. Follow up until correction is confirmed in writing.

If the victim later applies for a legitimate loan, they should keep copies of dispute documents in case the fraudulent account appears during credit evaluation.


XX. Cease-and-Desist Letter

A cease-and-desist letter may be sent to the lender, collector, app operator, or any identifiable party. It should demand that they:

  1. Stop collection activity on the disputed loan;
  2. Stop contacting relatives, friends, co-workers, and employers;
  3. Stop using or disclosing the victim’s personal data;
  4. Preserve all records;
  5. Provide proof of the alleged debt;
  6. Correct inaccurate records;
  7. Identify all third parties who received the victim’s data;
  8. Confirm compliance in writing.

A lawyer’s letter may carry more weight, but the victim may send an initial written demand personally.


XXI. When to Get a Lawyer

A lawyer is especially useful when:

  1. The amount involved is large;
  2. The victim is being sued or threatened with legal action;
  3. There is serious reputational harm;
  4. The victim’s employer was contacted;
  5. Private photos, IDs, or documents were posted;
  6. The victim paid money under threat;
  7. Multiple agencies or companies are involved;
  8. A formal criminal complaint must be prepared;
  9. The victim wants to file a civil case;
  10. The lender insists the loan is valid despite evidence.

A lawyer can prepare affidavits, demand letters, complaints, and court filings, and can help avoid accidental admissions.


XXII. Common Mistakes to Avoid

Victims should avoid the following:

  1. Deleting messages before saving evidence;
  2. Paying immediately out of fear;
  3. Admitting liability in chat;
  4. Sending more IDs or selfies to unknown collectors;
  5. Clicking suspicious “settlement” or “verification” links;
  6. Ignoring bank or e-wallet account security;
  7. Failing to report quickly;
  8. Posting emotional accusations online without evidence;
  9. Negotiating by phone only;
  10. Assuming that a police blotter alone will fix credit records;
  11. Waiting until the debt is reported to credit systems;
  12. Letting collectors speak freely with employers or relatives.

Documentation and written communication are critical.


XXIII. Practical Checklist for Victims

A victim should complete the following checklist as soon as possible:

  1. Save all screenshots, call logs, messages, emails, app details, and transaction records.
  2. Create a written timeline.
  3. Change passwords and secure email, bank, e-wallet, and social media accounts.
  4. Report unauthorized transactions to banks or e-wallets.
  5. Contact the telco if the SIM or number is compromised.
  6. File a report with cybercrime authorities or local police.
  7. Send a written dispute to the alleged lender.
  8. Demand proof of the alleged loan.
  9. Demand suspension of collection.
  10. Demand that third-party contact stop.
  11. File a complaint with the NPC for data misuse.
  12. File a complaint with the SEC for abusive or unauthorized lending activity.
  13. Escalate to the BSP if a regulated financial institution or e-wallet is involved.
  14. Check and dispute credit records.
  15. Inform relatives, co-workers, and employers not to engage or pay.
  16. Consult a lawyer if threats, defamation, large losses, or formal claims are involved.

XXIV. Sample Affidavit Outline

An affidavit may follow this structure:

Affidavit of Identity Theft and Denial of Online Loan

I, [Name], of legal age, Filipino, and residing at [address], after being sworn, state:

  1. I am the person whose identity and personal information appear to have been used in connection with an alleged online loan from [name of lender/app].
  2. I did not apply for, authorize, sign, receive, or benefit from the alleged loan.
  3. I discovered the matter on or about [date] when [describe what happened].
  4. I received messages, calls, or demands from [numbers/accounts], copies of which are attached.
  5. My relatives, friends, co-workers, or employer were contacted by [numbers/accounts], despite their having no liability for any alleged obligation.
  6. I believe my personal information, including [IDs, phone number, address, photos, or other data], was used without my consent.
  7. I have taken steps to secure my accounts and report the matter to relevant authorities.
  8. I execute this affidavit to attest to the truth of the foregoing, to deny the alleged debt, to support complaints before proper authorities, and to request correction of any inaccurate record concerning me.

The affidavit should then include the affiant’s signature, jurat, notarial details, and attachments.


XXV. Sample Letter to the Alleged Lender

Subject: Formal Dispute of Alleged Loan and Notice of Identity Theft

To [Company/Lender]:

I am writing to formally dispute the alleged loan under my name. I deny applying for, authorizing, signing, receiving, or benefiting from the alleged loan. I believe my personal information was used without my consent.

I demand that your company immediately:

  1. Suspend all collection activity while this dispute is investigated;
  2. Stop contacting my relatives, friends, co-workers, employer, and other third parties;
  3. Preserve all records related to the alleged application and loan;
  4. Provide copies of all alleged application forms, contracts, disclosure statements, IDs, selfies, electronic signatures, IP logs, device logs, phone numbers, disbursement records, and payment records;
  5. Identify the source of the personal data used;
  6. Confirm whether this alleged loan has been reported to any credit bureau, credit information system, or third party;
  7. Correct, delete, or restrict processing of inaccurate or unlawfully processed personal data concerning me.

Nothing in this letter should be treated as an admission of liability. I reserve all rights under applicable criminal, civil, consumer protection, and data privacy laws.

Sincerely,
[Name]
[Contact details]


XXVI. Conclusion

Identity theft from online loan scams should be treated as both a fraud problem and a data privacy problem. The victim must move quickly to preserve evidence, secure accounts, report to law enforcement, dispute the debt, stop harassment, protect credit standing, and escalate complaints to the appropriate regulators.

The most important legal principle is this: a person should not be made liable for a loan they did not apply for, authorize, receive, or benefit from. But proving that position requires documentation. The victim’s best protection is a clear paper trail: screenshots, affidavits, police or cybercrime reports, written disputes, regulator complaints, and credit correction requests.

In serious cases involving large sums, public shaming, threats, employer contact, or repeated misuse of personal data, the victim should seek legal assistance immediately.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.