Is WeTransfer safe for sending files?

Tips & tricks
6 mins
People looking at a phone.

WeTransfer is a convenient way to send and receive files that are too large to be sent by email. But is it safe and secure enough to send sensitive documents and photos? We break down the risks and when you should use it.

Jump to…
What is WeTransfer?
Is WeTransfer secure?
WeTransfer limits
Should you send files via WeTransfer?
WeTransfer scams
WeTransfer alternatives

What is WeTransfer?

WeTransfer is a cloud-based file transfer service that allows users to send and receive large files over the internet. The files might be too large to be easily sent by email, or the sender might simply want to avoid taking up space in their email account.

The sender just has to go to WeTransfer’s website or app and upload files to WeTransfer’s servers. The recipient receives a link to download the files, either sent by WeTransfer via email or by the sender directly. The files are stored by WeTransfer for a fixed duration, when the recipient is able to download them.

Is WeTransfer secure?

Yes, WeTransfer has strong safeguards overall, but if confidentiality is paramount for your files, there are a few things to know before you hit “transfer.” 

You might be sending a set of photos in full resolution and not worry too much about someone stealing them. But if it’s sensitive material you’re sending, such as legal documents or evidence of wrong-doing by a government or company, you’ll want to ensure that the file service you’re using has protections in place to prevent interception. Here’s what you should know about WeTransfer security.

WeTransfer encryption

According to WeTransfer, files are encrypted when they are being transferred using TLS, and they are encrypted when they are stored using AES-256. These encryption standards are strong, preventing anyone unauthorized from reading your files.

This raises the question of who is authorized. The files can only be accessed using the unique link sent to the sender and recipient. The risk is that a third party could find out the link. You could have sent it to someone unintentionally. Or a hacker with determination could attempt to intercept your online traffic to get the link. This is why you should only share WeTransfer links to sensitive files using end-to-end-encrypted methods and over secure connections (not over unsecured public Wi-Fi).

WeTransfer authentication

WeTransfer offers two-factor authentication, which makes it very hard for someone to try to access your account. Even if they find out your password, they would still need a one-time code generated by an authenticator app on your phone to get in. But you can only benefit from this feature if you choose to use it—which you definitely should!

When it comes to the file transfers, for the free tier, anyone can access the files via a link. For the paid tiers, a password can be placed on files, preventing an unauthorized person from downloading it if they manage to get the link. It’s important to only share such passwords in a secure manner, like over end-to-end encrypted communication methods.

Malware sent via WeTransfer

Attackers have taken to WeTransfer to send malicious or illegal content. This could include files containing phishing links or malware files that could lead to a takeover of a device. WeTransfer has tackled this problem by partnering with Microsoft, which has the ability to identify hosting sources for attacks used against its own Microsoft 365 customers. Using this data, Microsoft analyzes the metadata of WeTransfer files to identify problematic ones. 

According to WeTransfer, this method has lowered the incidence of malicious transfers. For users, this means greater assurances that a file you’ve received is not malicious—but we would still advise not to download any file you aren’t expecting. Verify the sender and find out what the file is before downloading.

Can WeTransfer share your files with governments?

Since WeTransfer stores your files for a time period, it’s important to understand what risks come with that storage. WeTransfer is based in Amsterdam, so it follows the relatively strong EU laws surrounding data protection. But non-EU user data lands in U.S. servers by default, and it is bound by the Patriot Act to submit user information and files if compelled by government agencies. 

WeTransfer limits

There are three tiers of WeTransfer accounts, each offering different limits on file sizes that you can send.

File size per transfer2GB200GBUnlimited
Price$0$10/month (for annual plan)$19/month (for annual plan)


Should you send files via WeTransfer?

Yes, under most circumstances, it is safe enough to send files via WeTransfer. The files you send will be encrypted, preventing hackers from accessing them. If your files aren’t sensitive, WeTransfer offers a convenient, free way to send them without taking up space in your email.

If your files are sensitive, it would be safer to use a paid tier of WeTransfer so that you can password protect the download link. Without a password, anyone who receives the link would be able to download the file. 

However, using WeTransfer as a middle man inevitably introduces greater risk than sending files to someone directly, as the company’s servers could suffer a breach, or the company could erroneously send your files to the wrong person, as has happened before. That said, sending files directly (say, via email or WhatsApp) is not always possible or practical due to file size or the sheer number of files.

WeTransfer scams

If you receive a WeTransfer email notifying that someone has sent you a file, be wary of possible scams. WeTransfer-related scams can either take the form of someone sending you a fraudulent notification email that looks like it’s from WeTransfer, or someone sending a malicious file through WeTransfer.

  • Fake WeTransfer notifications. Scammers may send emails posing as WeTransfer notifications, tricking recipients into clicking on malicious links or downloading harmful attachments. These emails often imitate the appearance of genuine WeTransfer notifications and may request personal information or prompt the installation of malware.
  • Real notification, malicious downloads. Scammers may create WeTransfer accounts or use compromised WeTransfer accounts to send phishing emails or distribute malware. These emails may appear to come from a known contact or a trusted source, increasing the likelihood of the recipient falling victim to the scam.

WeTransfer alternatives

There are several alternative file transfer services available that offer similar functionalities to WeTransfer. Here are some popular ones:

  1. Dropbox, a cloud storage and file sharing service, allows users to upload and share files with others by generating shareable links. Dropbox offers both free and paid plans with varying storage capacities.
  2. Google Drive provides file hosting, sharing, and synchronization. It integrates seamlessly with other Google services and offers generous free storage options, as well as paid plans for additional storage.
  3. OneDrive is Microsoft’s cloud storage and file sharing service. It enables users to store files and share them with others, and it integrates well with Microsoft Office applications. 
  4. Filemail allows users to send large files. It offers features such as encryption, customizable branding (so the transfer notification email has your logo), and the ability to track file downloads.
  5. TransferNow is a user-friendly file transfer service that enables users to send large files up to 5 GB without the need for registration. This free tier also allows for password protection for transfers.
  6. pCloud Transfer is a file transfer service that prides itself on being Swiss-based, meaning it has stronger data protections than most competitors.

FAQ: About using WeTransfer

Is WeTransfer free?
How to use WeTransfer?
Can I use WeTransfer anonymously?
Phone protected by ExpressVPN.
Privacy should be a choice. Choose ExpressVPN.

30-day money-back guarantee

A phone with a padlock.
Enjoy a safer online experience with powerful privacy protection
What is a VPN?
Vanessa is an editor of the blog.