If you've received a WeTransfer link that doesn't seem genuine, wait before downloading and double-check a few things first.
How we protect you
We work hard to actively block and prevent spammers from misusing our platform. Verification codes are sent exclusively to your email inbox — without one, a transfer cannot be sent. Ultimate, Teams, and Enterprise users also benefit from automatic malware scanning on their downloads. No malware tool is bulletproof, so always use caution.
Warning signs to check
- Unexpected transfer — you were not expecting files from this sender.
- Unknown sender — you do not recognize the sender's name or email address.
- Mismatched sender identity — you recognize the sender's name, but the email address is different. Contact your known sender through a separate channel to verify.
- Very small file size — the files are unusually small, typically only a few hundred KB.
- Subject involves money or documents — invoices, payments, proposals are common phishing tactics.
- Message contains an external URL — a link that leads away from WeTransfer to an external site, often with your email address appended.
- Suspicious file types — .jpg, .scr, .exe, .doc, or .html files that may be disguised.
What to do
- If you recognize the sender but are unsure, contact them directly through a known channel before downloading.
- If you do not recognize the sender or the transfer looks suspicious, do not download the files.
- Use the 'Report this transfer' button to flag the transfer.
The most important rule: if something feels wrong, do not download. Trust your instincts and verify first.