Submitted by Global Scam Watch on

File sharing scamsFile-sharing platforms like WeTransfer, Dropbox, Google Drive, and OneDrive are convenient and trusted, which is exactly why scammers target them. Criminals send fake file-sharing notifications to trick you into revealing passwords, downloading malware, or opening dangerous documents.


๐Ÿ” How the WeTransfer Scam Works


๐Ÿ“ฉ Fake file-share notifications claiming to be from colleagues, clients, or companies.
โณ Urgent messages like โ€œReview this ASAPโ€ to pressure quick clicks.
๐ŸŽญ Links to counterfeit WeTransfer login pages to steal credentials.
๐Ÿ’ป Malware hidden in the โ€œshared fileโ€ download.
๐Ÿ“‰ Real-world case: In 2019, a WeTransfer breach accidentally sent files to the wrong recipients showing vulnerabilities scammers can exploit.


๐Ÿ“‚ Similar Scams on Other Platforms

๐Ÿ“ฆ Dropbox


โœ‰๏ธ Phishing emails using fake Dropbox branding (โ€œno-reply@dropbox-mailโ€ขcomโ€) leading to credential theft or malware.
๐Ÿ”‘ Stolen logins from past breaches used to send malicious files.
๐Ÿข Fake HR messages about โ€œbenefitsโ€ or โ€œpayroll changesโ€ carrying malicious links.

๐Ÿ“„ Google Drive


๐Ÿ“ง Bogus Google Doc notifications (โ€œProject Proposal 2025โ€) leading to fake login pages.
๐Ÿฆ  Malware embedded in Google Docs or shared Drive files, bypassing email filters.
โšก Urgent โ€œAccount lockedโ€ warnings to trigger impulsive clicks.

โ˜๏ธ OneDrive


๐Ÿ”’ โ€œRestricted fileโ€ tricks requiring sign-in on fake Microsoft pages.
๐Ÿ’ผ Business email compromise โ€” hacked contacts share malicious files via legitimate OneDrive alerts.
๐Ÿ“ฉ Fake IT emails claiming to be โ€œOneDrive Security Updates.โ€


๐Ÿšฉ Red Flags


๐Ÿšซ Unexpected file-sharing requests from unknown or off-domain senders.
โฐ Threats like โ€œAct now or lose access!โ€
๐ŸŒ Links with look-alike domains (e.g., drive-login-secureโ€ขcom).
โœ๏ธ Typos, bad grammar, or low-quality branding.
๐Ÿ”‘ Requests for passwords, payments, or โ€œstorage upgrades.โ€


๐Ÿ›ก How to Stay Safe


๐Ÿ‘€ Verify the senderโ€™s email address โ€” hover over links before clicking.
๐Ÿ“Œ Go directly to the platformโ€™s official website or app, never via email links.
๐Ÿ” Enable two-factor authentication on all file-sharing accounts.
๐Ÿ›  Scan all downloads with reputable antivirus software.
๐Ÿ•’ Slow down if a message feels rushed or threatening.
๐Ÿ“ค Report phishing emails to the platform and your email provider.


๐Ÿ›‘ If You are Targeted or Compromised


๐Ÿšท Do not click or download anything suspicious.
๐Ÿ”‘ If you entered credentials, change your password immediately on a safe device.
๐Ÿง Check for unauthorized account activity.
๐Ÿ“ข Report to the platformโ€™s support team and relevant cybercrime authorities (e.g., FTC, CISA).


๐Ÿ’ก Tip: For highly sensitive files, use services with true end-to-end encryption. WeTransfer, Dropbox, Google Drive, and OneDrive do not enable this by default.