Medium riskEmail Scams

WeTransfer File Scam

This scam imitates WeTransfer or a similar file-sharing service. You receive an email saying a contact has sent you files, with a prominent Download button. Instead of delivering a file, the link opens a fake login page designed to capture your email address and password, often your work account. Because file transfers feel routine at work, many people click without checking. Treating an unexpected transfer with caution and verifying the sender first are the safest responses.

Quick verdict

Risk level
Medium risk
Scam type
File-sharing phishing scam
Main red flag
A file-transfer email pushes you to a login page that asks for your email password before showing any file.
What to do first
Do not enter any password. Check the sender's full email address and the link destination before clicking, and verify with the supposed sender through a separate channel.

What this scam usually looks like

This scam imitates WeTransfer or a similar file-sharing service. You receive an email saying a contact has sent you files, with a prominent Download button. Instead of delivering a file, the link opens a fake login page designed to capture your email address and password, often your work account. Because file transfers feel routine at work, many people click without checking. Treating an unexpected transfer with caution and verifying the sender first are the safest responses.

Example message pattern

Example pattern — not a real report
Example pattern: "You have received files via WeTransfer. 1 file, expires in 3 days. Click [suspicious link] to download. Powered by WeTransfer."

This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.

Red flags to watch for

  • The download link leads to a sign-in page asking for your email and password, which the genuine service does not require to view a shared file.
  • The sender's email address does not match the real service domain, or the file is supposedly from a contact you were not expecting anything from.
  • Hovering over the Download button shows a web address that is unrelated to the file-sharing company.
  • The email creates pressure with a short expiry time, encouraging you to click quickly rather than check.
  • The file name or message is vague, such as "Invoice" or "Documents", with no personal detail about why it was sent.

What to do

  • Check the sender's full email address and hover over the link to see where it actually leads before clicking.
  • If the email claims to be from a colleague or contact, confirm with them directly by phone or a known chat channel that they sent files.
  • Go to the file-sharing service by typing its address yourself rather than following the email link.
  • Report suspicious emails to your IT or security team if it arrived on a work account, as these are commonly used to target businesses.

If you already clicked or replied

  • If you entered your password, change it immediately on the genuine account, and update it anywhere else you reused the same one.
  • Turn on two-factor authentication for that account if it is not already active, so a stolen password alone is not enough to log in.
  • Tell your IT or security team straight away if it was a work account, as attackers may use it to reach colleagues.
  • Watch for unexpected login alerts or sent emails you did not write, which can signal someone else has access.

What not to do

  • Do not enter your email password on a page reached through a file-transfer link.
  • Do not assume the email is genuine just because it uses familiar branding and logos.
  • Do not download or open attachments from a transfer you cannot verify with the sender.

Similar scams

Medium risk Email

Fake DocuSign Email Scam

This scam sends a fake 'you have a document to review and sign' email with a 'View Document' link that leads to a credential-harvesting page or to malware instead of a genuine document.
Medium risk Email

Dropbox Shared File Scam

This scam sends an email claiming someone shared a Dropbox file or folder with you. The 'View file' link leads to a fake login page designed to capture your email address and Dropbox or work password.
High risk Email

Microsoft Account Email Scam

This scam sends a fake Microsoft or Outlook email about an unusual sign-in or an account about to be closed, linking to a fake Microsoft login page that captures your email and password.

Frequently asked questions

Does WeTransfer ask for my password to download a file?
Legitimate file transfers generally let you download a shared file without signing in with your email password. A page demanding your password before showing the file is a common sign of phishing, so it is safer to stop and verify.
The email looks like it came from a colleague. Could it still be fake?
Yes. Scammers often spoof a sender name or use a compromised account so the message appears to come from someone you know. Confirming through a separate channel, such as a quick phone call, is the safest way to check.
What are scammers trying to get from this?
Most of these pages aim to capture your email or work login details. With those, attackers may read your messages, reset other accounts, or send convincing scam emails to your contacts.
I only clicked the link but did not type anything. Am I at risk?
Clicking alone is usually lower risk than entering details, but it is still wise to run a security scan, avoid any further prompts, and report the email. If anything was downloaded, do not open it.

Last reviewed: June 2026

Disclaimer: This page provides educational information only to help you recognise common scam patterns. It is not legal, financial, cybersecurity, or law enforcement advice, and it does not confirm whether any specific message, company, or person is genuine or fraudulent. When in doubt, contact the official organisation directly and report concerns to your local authorities.