Online

How do you spot a fake WeTransfer email?

Email icon on iPhone
Spam alert: detect WeTransfer scams

WeTransfer is a great way to send large files to people via email. However, the service is also a common target for fraudsters, who create fake WeTransfer emails to get people to click on malicious links. We’re going to show you how to spot a fake WeTransfer email.

Signs a WeTransfer email is fake

There are a few telltale signs that a WeTransfer email, such as the one shown above, is a scam.

1. The first thing to check is the sender’s address. Most email apps hide the actual address, so you may have to click on the sender’s name to reveal the full email address. Although the sender of this email is called ‘WeTransfer’, when I click on that sender’s name it reveals the sender’s email address is actually support@arichem-ke.co, as shown below. That’s clearly not coming from WeTransfer. Genuine WeTransfer emails arrive from noreply@wetransfer.com.

2. Look again at the full email shown above. It says “You have received some files via wetransfer”. The brand name is WeTransfer, with a capital W and T. Mistakes like this are a warning bell that something isn’t right.

3. The list of files you’re being invited to click on include ‘Purchase Order’ and ‘List of items’. It’s classic baiting. The fraudsters are trying to con you into thinking someone has placed an order using your or your company’s account details. ‘Invoice’ or ‘Your receipt’ are other common traps.

What does a genuine WeTransfer email look like?

At the time of writing in August 2022, a genuine WeTransfer email looks like this:

It looks pretty similar to that faked message and you can see why people are caught out. Again, the sender address is the strongest clue that it is genuine, although even they can be spoofed, so don’t rely on that alone. If you’re not expecting a WeTransfer message, it’s normally best to ignore it.

What should I do with a fake WeTransfer email?

Nothing. Just delete it. You can try marking it as spam in your email app, but the email domains used by the fraudsters change so quickly that it’s unlikely to have any effect.

Don’t click on any links in the email, even out of curiosity, because it could trigger a malicious download and will confirm your email address is active and susceptible to cons. It will likely massively multiply the amount of junk you receive.

Also avoid the temptation to reply to the email, giving the fraudster a piece of your mind. They won’t read it and it will only confirm your email address is active, leading to more spam.

Received an Ofgem rebate email?

About the author

Barry Collins

Barry has scribbled about tech for almost 20 years for The Sunday Times, PC Pro, WebUser, Which? and many others. He was once Deputy Editor of Mail Online and remains in therapy to this day. Email Barry at barry@bigtechquestion.com.

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.