Fake Wise Transfer-Verification Phishing
Scammers send emails mimicking Wise's transfer-alert format, claiming a large international payment is pending verification and demanding recipients log in via a fraudulent link. Victims who comply hand over their Wise credentials and may lose funds held in their Wise multi-currency accounts.
Part of: Phishing
Last reviewed: 7 June 2026
Wise (formerly TransferWise) is a popular service for international money transfers and multi-currency accounts, used by freelancers, small businesses, and expats. Because users often receive genuine transfer-confirmation and balance-update emails from Wise, fraudulent alerts styled in the same format can be difficult to distinguish at a glance.
The phishing emails typically claim that an outgoing transfer is pending identity verification, that a large incoming payment requires confirmation before it can be credited, or that unusual activity has triggered a temporary hold. In each case, a button labelled something like 'Verify Now' or 'Confirm Transfer' leads to a convincing clone of Wise's login page on an unrelated domain.
After credentials are captured, attackers log in to the real Wise account, change the account's linked phone number to intercept OTPs, and either transfer funds out or modify the payout bank accounts used for salary or freelance payments. Multi-currency balances can be converted and moved quickly, so victims may lose multiple currencies at once.
How this scam works on the Wise brand
Real Wise emails originate from @wise.com (or @transferwise.com for older communications) and direct users only to wise.com for any account actions. Wise's genuine customer support is delivered exclusively through in-app chat or the help centre at wise.com/help — Wise does not call customers out of the blue to discuss pending transfers.
Fake Wise emails frequently use domains such as wise-secure-verify.com or transferwise-alerts.net. The email's visual design closely matches Wise's minimalist style, but small inconsistencies appear on closer inspection: fonts rendered differently, the Wise logo positioned slightly incorrectly, and footer links pointing to the fraudulent domain rather than wise.com.
Some campaigns target Wise Business account holders specifically, because these accounts may hold higher balances and process payroll or supplier payments. In these cases, the fake email references a 'compliance review' or 'new EU regulation requirement' to add legitimacy.
Common red flags
- Sender address is not @wise.com or @transferwise.com
- Email claims a transfer is 'pending verification' — real Wise transfers confirm instantly or show status in the app
- Login link does not resolve to wise.com when you hover over it
- Message asks for additional personal details beyond a simple login
- Urgency: 'funds will be returned to sender if not verified within 24 hours'
- Any incoming-payment notification you were not expecting from a known sender
- Request to install software or grant remote access to resolve the issue
How to protect yourself
- Log in directly at wise.com — never via a link in an email — to check your real transfer status
- Enable two-factor authentication via the Wise security settings
- Review your Wise account's linked phone number and email regularly to detect unauthorised changes
- Contact Wise support through the official in-app chat if you have concerns about a transfer
- Never provide your full password to anyone claiming to be from Wise, including over the phone
- Check the full sender email address, not just the display name, before acting on any message
- For business accounts, require two-person sign-off on large outgoing transfers where possible
How to report it
- Forward the phishing email to [email protected]
- Report the fraud through Wise's in-app chat at wise.com/help
- Submit the fraudulent URL to your national cybercrime unit (e.g. Action Fraud at actionfraud.police.uk in the UK, IC3 at ic3.gov in the US)
- File a complaint with the FTC (US) at reportfraud.ftc.gov or the FCA (UK) at fca.org.uk/consumers/report-scam
- If funds were transferred, contact Wise immediately through in-app chat to request a recall attempt
Frequently asked questions
Does Wise ever put a hold on transfers that requires email verification?
Wise may place compliance holds on transfers, but it communicates these through the app dashboard and its registered in-app support chat, not through standalone verification emails with external links. Always check the app first.
How quickly can attackers drain a Wise account?
Once an attacker has your credentials and can intercept OTPs (by changing your registered phone number), they can convert and move multi-currency balances very quickly. Reporting to Wise immediately via in-app chat is critical.
Is Wise responsible for reimbursing phishing victims?
Like most financial institutions, Wise distinguishes between unauthorised transactions (where the customer did not action the transfer) and authorised fraud (where the customer was deceived into making it). Outcomes depend on circumstances — report immediately for the best chance of recovery.