»

Beware of "WeTransfer Someone Has Sent You a File" Phishing Scams

 +
Beware of "WeTransfer Someone Has Sent You a File" Phishing Scams

Would you share this article with someone to help inform him/her?

The email message below with the subject "Someone has Sent you a File via WeTransfer," which appears as if it was sent by WeTransfer, a popular cloud-based file transfer service based in Amsterdam that allows internet users to send small to large files, is a phishing scam. The fake email message was created and sent by cyber criminals to trick the recipients into clicking on the link within it, which will take them to a compromised or hacked website, used by cyber-criminals to steal their potential victims' Outlook, Hotmail, Gmail, Yahoo, AOL and other email accounts username and password.

Please continue reading below.

Update: Cyber criminals have created new versions of the malicious "WeTransfer" email message, please view them in the comment section below.

The Fake WeTransfer Email Message

Subject: Someone has sent you a file via WeTransfer
From: WeTransfer (noreply@wetransfer.com)

You have received a new file.

Download

Files (28 MB total)
Will be deleted on
12 October, 2015

Get more out of WeTransfer, get Plus

WeTransfer Contact Legal Powered by Amazon Web Services

The links in the fake email message do not go to the legitimate WeTransfer website located at https://www.wetransfer.com, instead, the links go to a compromised or hacked website.

The Compromised or Hacked Website

Fake WeTransfer Website

Once on the compromised website, the potential victims will be asked to sign-in with their Outlook, Hotmail, Gmail, Yahoo, AOL or other email accounts. Once the victims have entered their information in an attempt to sign-in, their email account's username and password will be sent to the cyber-criminals or scammers behind the scam. With the victims’ credentials or sign-in information, the cyber-criminals will gain access to their email accounts and use them fraudulently.

Therefore, the recipients of email messages, which appear as if they were sent by WeTransfer, claiming that they have received a new file, should ensure that when they click on any of the links in the email message, they are taken to https://www.wetransfer.com. If they are taken to any other websites, they should close the web browser window and delete the email message.

Recipients of the fake WeTransfer email message who clicked on one of the links in the fake email message and who attempted to sign into the fake website are asked to change their email accounts password immediately, before the cyber-criminals use their stolen credentials to lock them out of their accounts, by changing their passwords.

Note: Some of the names, addresses, email addresses and telephone numbers in email samples on this website may have been impersonated.

Please share what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any.

Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: info@onlinethreatalerts.com

Also, report missing persons, scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent.

If you want to quickly find answers to your questions, use our search engine.

Comments, Questions, Answers, or Reviews
(Total: 35)

To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews. And, when you post a comment or review, we will use your IP address to display your approximate location to other users.

Please continue reading below.

The comments or reviews below do not necessarily reflect the views of Online Threat Alerts.

  • Oct 29, 2018 at 4:19 PM by an anonymous user from Sydney, New South Wales, Australia

    I fell for a WeTransfer scam yesterday.

    The letter appeared to come from my solicitor, with all the credentials and presentation perfect. But how they managed to send as such was his credentials?

    On closer examination, the letter was to "Undisclosed Recipients", so I would suggest anybody receives e-mails to go back and check this.

    Not sure if this is the hallmark of this type of e-mail, perhaps someone could explain more.

    I have thought the many years, and an increasingly doing so that so-called 'Snail Mail' was in the better – certainly for security, and in some ways although slower perhaps was ultimately more efficient in that letters were answered and not lost as e-mail spam/trash.

    delete

  • Oct 9, 2018 at 5:36 AM by info

    Here is another scam:

    "From: WeTransfer [mailto:noreply@wetransfer.com]
    Sent: Tuesday, October 9, 2018 2:44 PM
    Subject: You just received a files via WeTransfer

    You have received a files via WeTransfer

    2 files, 138 MB in total · Will be deleted on 30 August, 2018

    Download Link

    Click Here to Download File

    WeTransfer"

    delete

  • Aug 23, 2018 at 10:47 AM by info

    Here is another scam:

    "From: WeTeam <no_reply@WeTeam.com>
    Sent: Thursday, August 23, 2018 4:23 AM
    Subject: Stragate Limited Sent You A File Via WeTransfer

    Click 'Download images' to view images
    Stragate Limited
    sent you a file
    1 file, 213 KB in total ・ Will be deleted on 25th August, 2018

    Download File Here

    Download link
    https://wetransfer.com/downloads/
    1 file
    Sample Order.pdf"

    delete

  • Jun 22, 2018 at 6:43 PM by an anonymous user from San Diego (Mira Mesa), California, United States

    I just got something from "no-reply at wetransfer.com," which I was suspicious of, so I emailed the person who supposedly sent the file to me.

    I've gotten no response, so I am deleting the email without using the link. I assume I am in no danger if I only opened the email?

    delete

    • Jun 22, 2018 at 8:33 PM by info

      You will only be in danger if you open an attachment or click on a link in a malicious email.

      delete

  • Apr 12, 2018 at 7:33 PM by an anonymous user from Rockville, Maryland, United States

    My friends have asked if I sent a ‘we transfer’ file. I didn’t. What should I do?

    delete

    • Apr 12, 2018 at 8:25 PM by info

      Tell your friend to be careful because scammers are sending the fake and malicious emails and spoofing the From address to make them appear as if they came from someone else.

      Use the Search button above and search for "Email Spoofing" to learn more.

      delete

  • Mar 20, 2018 at 11:36 AM by an anonymous user from Baton Rouge, Louisiana, United States

    3-19: received WeTransfer email. Appeared legit from a known source. Downloaded and opened file. Pointed to AOL, and entered a password. Turned off the computer. Have not rebooted that computer since. Using a laptop, iPhone 8, and iPad2, tried to change AOL password. Unsuccessful.

    Suggestions?
    Thx
    Norm

    delete

    • Mar 20, 2018 at 2:01 PM by info

      Contact your AOL immediately before your account is used fraudulently.

      delete

  • Mar 11, 2018 at 9:27 PM by an anonymous user from Wellington, New Zealand

    Received this email 12 March 2018. Clicked but then closed webpage and called the alleged sender to check. Bu not attempting to sign in, am I still in danger?

    delete

    • Mar 11, 2018 at 9:51 PM by info

      No. Once you didn't enter your password on the webpage that you were taken to, you are OK.

      delete

  • Mar 11, 2018 at 2:54 PM by an anonymous user from Lakeville, Minnesota, United States

    RCVD this email 3-5-2018. Didn't open.

    delete

  • Mar 5, 2018 at 6:27 PM by an anonymous user from Sydney, New South Wales, Australia

    Just received this type of email from We Transfer, stating that it was a file from the Australian Tax Office.

    delete

  • Mar 5, 2018 at 3:13 PM by an anonymous user from New Orleans, Louisiana, United States

    We just got the identical WE TRANSFER phishing email in our organization. Twelve of 86 users clicked the link that appeared to have come from our GM.

    delete

  • Nov 28, 2017 at 8:55 PM by info

    Here is another scam:

    ---------- Forwarded message ----------
    "From: WeTransfer <noreply@wetransfer.com>
    Date: Tue, Nov 28, 2017 at 3:47 PM
    Subject: jeff@seilngo.com sent you files via WeTransfer

    Click 'Download images' to view images

    jeff@seilngo.com

    sent you some files

    1 file, 159 KB in total ・ Will be deleted on 28 December 2017
    Get your files

    Regards
    Jeffrey Selingo

    Download link

    1 file
    This is a secure, encrypted message.pdf

    To make sure our emails arrive, please add noreply@wetransfer.com to your contacts.
    Sent through WeTransfer Plus
    About WeTransfer ・ Help ・ Legal"

    delete

  • Nov 17, 2017 at 8:34 AM by an anonymous user from Vilnius, Republic of Lithuania

    Got 2 fake e-mails from aib@wire-transfer.ie and payment@aib.ie.

    delete

  • Nov 15, 2017 at 5:47 PM by an anonymous user from New York, United States

    I received this. Thought you should know:


    "Begin forwarded message:

    From: WeTransfer <noreply@wetransfer.com>
    Subject: ehealy.ent@comcast.net sent you files via WeTransfer
    Date: November 14, 2017 at 12:19:57 PM EST
    To: (My email)
    Reply-To: ehealy.ent@comcast.net

    Click 'Download images' to view images
    ehealy.ent@comcast.net
    sent you some files
    1 file, 89.6 KB in total ・ Will be deleted on 14 December, 2017

    Get your files

    I have just sent an important document to you via WeTransfer to make it secured as it's the new safest and secured application to send important document.I tried to send it through a direct mail but no luck.I really need you to go through it and then get back to me.


    Best,

    Elizameth Healey
    ehealy.ent@comcast.net
    ehealy@healyentertaiment.com

    Download link
    information.html

    To make sure our emails arrive, please add noreply@wetransfer.com to your contacts.

    Sent by private-information.wetransfer.com
    About WeTransfer ・ Help ・ Legal"

    delete

  • Sep 21, 2017 at 6:41 AM by info

    Here is another scam:

    ---------- Forwarded message ---------
    From: WeTransfer <noreply@wetransfer.com>
    Date: Thu, 21 Sep 2017 at 12:24
    Subject: connect@online.org sent you files via WeTransfer

    Click 'Download images' to view images

    connect@online.org
    sent you some files
    1 file, 216 KB in total ・ Will be deleted on 28 September, 2017
    Get your files
    New payment confirmation

    Download link
    1 file
    Electronic payment confirmation.pdf

    delete

  • Sep 8, 2017 at 1:36 PM by an anonymous user from Parthenay, Nouvelle-Aquitaine, France

    Received today: "cverdon13@gmail.com vous a envoyé des fichiers avec WeTransfer"

    It looks genuine (I live in France and know a lot of French people) but I have never heard of C Verdon and am not expecting any transfers so have put the message unopened in my "trash".

    delete

  • Sep 7, 2017 at 9:32 AM by an anonymous user from Rockville, Maryland, United States

    I received an email telling me that someone I know is sharing a file through We Transfer. The attached PDF file opened a document telling me to "view the folder on We-transfer", with a link titled "Review Document". The link pointed to "hxxp://we-transfer.info/new/We-updated/"

    Clearly a phishing link...

    delete

    • Sep 7, 2017 at 1:28 PM by info

      Yes, it is a phishing scam.

      delete

  • Aug 14, 2017 at 2:21 PM by info

    Here is another scam:

    "From: WeTransfer <noreply@wetransfer.com>
    Date: August 14, 2017 at 5:30:56 AM PDT
    Subject: nalihelpblow1985@gmail.com sent you files via WeTransfer

    Click 'Download images' to view images

    sent you some files

    1 file, 11.7 KB in total ・ Will be deleted on 21 August, 2017
    Get your files
    Resale of the popular information product for a simple penny"

    delete

  • Feb 28, 2017 at 12:46 PM by an anonymous user from Norfolk, Virginia, United States

    I was sent this email, but did not log into the false website. Do I need to be concerned just from clicking within the email? I'm running my scans now to see if my system was compromised. Thanks

    delete

    • Feb 28, 2017 at 3:25 PM by info

      You are OK, as long as you didn't download and install any application, or sign into the fake and malicious website that you were taken to.

      delete

  • Nov 17, 2016 at 8:34 AM by an anonymous user from Central, Central and Western District, Hong Kong

    I got spammed by this and it took over our server and sent out thousands, which were returned to me,
    however if it got into my email, why didn't it send to my contact list, which did not happened. Is there a tool to remove this virus from your system?

    delete

    • Nov 17, 2016 at 8:55 AM by info

      Probably your server was not taken over. It seems that the spammers sent the email messages to people from their servers with your email address as the "From Address," which would cause the undelivered email messages to be returned to you. This technique is called Email Spoofing. <a href="/article/2013/1/28/what-is-email-spoofing/">Click here</a> to learn more.

      delete

  • Nov 15, 2016 at 8:00 AM by info

    Here is another scam:

    "Sent: Tuesday, November 15, 2016 6:45 AM
    Subject: has shared folders via WeTransfer

    sent you some DOCS
    ‘DOCUMENT’
    REVIEW"

    delete

  • Sep 27, 2016 at 8:34 AM by info

    Here is another malicious email:

    "--- Original Message -----
    From: "WeTransfer" <noreply@we-transfer.cloud>
    Sent: Mon, 26 Sep 2016 18:20:23 -0700
    Subject: Jennie Fricks has sent you a file via WeTransfer

    Jennie Fricks
    sent you some files
    An additional agreement with ST Barbara Limited

    Download

    Files (2.91 MB total)
    Additional agreement - September 2016.zip
    Will be deleted on
    30 September, 2016

    Get more out of WeTransfer, get Plus

    About WeTransfer Contact Legal"

    delete

  • Sep 27, 2016 at 2:57 AM by info

    Here is another malicious email that should be deleted if received:

    "From: WeTransfer <noreply@we-transfer.cloud>
    Date: 27 September 2016 at 03:28:39 GMT 2
    Subject: Dennis Stewart has sent you a file via WeTransfer

    Dennis Stewart
    sent you some files
    An additional agreement with Iron Mountain Incorporated Cdi 1:1

    Download

    Files (3.77 MB total)
    Additional agreement - September 2016.zip
    Will be deleted on
    30 September, 2016

    Get more out of WeTransfer, get Plus"

    delete

  • Sep 26, 2016 at 8:26 PM by an anonymous user from Varsity Lakes, Queensland, Australia

    I was thinking about sending them an abusive email, but decided against it, figured it would just confirm my existence to them.

    delete

    • Sep 27, 2016 at 1:17 AM by info

      Yes, that's true.

      delete

  • Jul 7, 2016 at 12:18 PM by an anonymous user from Windsor, Connecticut, United States

    I clicked on the "download" button and was asked to give my email address and password. I did not do so. Do I have to worry about being compromised?

    delete

    • Jul 7, 2016 at 12:24 PM by info

      No, because you didn't submit your email address and password. But, if you had done so, the best thing to do is to change your email account password immediately.

      delete

      • Sep 27, 2016 at 4:34 AM by an anonymous user from Midrand, Gauteng, South Africa

        I did as I thought it was obviously secure and it send the "wetransfer" email to all my gmail contacts. Have changed my password, is there anything else I need to do or be concerned about.

        delete

        • Sep 27, 2016 at 4:44 AM by info

          Contact everyone in your Gmail contacts and let them know the "WeTransfer" email is malicious. You may also share this article with them.

          delete

 Show More Comments (35)
Write Your Comment, Question, Answer, or Review
Write your comment, question or review in the box below to share what you know or to get answers. Please revisit after an hour or more to view reponses or answers to you questions.

Your comment, question or review will be posted as an anonymous user because you are not signed in. Sign-in.