WhatsApp GhostPairing Scam Explained: How Hackers Hijack Accounts Without Passwords

Outlook Business Desk

New WhatsApp Scam

Cybersecurity researchers have identified a sophisticated scam called GhostPairing that targets WhatsApp users. It abuses the app’s device-linking feature, allowing attackers to gain full account access without stealing passwords, SIM cards or one-time verification codes.

What Is GhostPairing?

GhostPairing is a newly identified WhatsApp scam that does not involve technical hacking. Instead, it manipulates users into linking an unknown device themselves, silently granting attackers ongoing access while the victim’s account and phone continue to function as usual.

Trusted Message Trap

The GhostPairing scam typically starts with a casual message that seems to come from a familiar contact, often referencing a photo or file. The embedded link looks legitimate within WhatsApp, making users less cautious and more likely to click without checking authenticity.

Fake Verification Page

After clicking the link, users are taken to a counterfeit webpage that closely mimics a Facebook photo viewer. To proceed, the page asks for a quick verification, presenting it as a standard security step and masking the real intent behind the request.

Device Pairing Abuse

During the fake verification, users are asked to enter their phone number, which activates WhatsApp’s official device-pairing process. A numeric code is generated, and when the user enters it as instructed, the attacker’s device is linked to the victim’s account without the user realising it.

Full Account Access

After the pairing code is entered, attackers gain complete WhatsApp Web access. They can view chats, download media, and send messages posing as the user, while new messages sync in real time and the victim’s phone shows no clear signs of compromise.

Why It’s Alarming?

Experts warn that GhostPairing does not hack WhatsApp or exploit vulnerabilities. Instead, it abuses legitimate device-linking features. Once a device is linked, it stays active until manually removed, leaving the user’s account vulnerable for potentially extended periods.

How To Stay Safe?

To stay safe from GhostPairing, users should frequently review WhatsApp’s Linked Devices section and remove unfamiliar sessions. They must avoid entering pairing codes from websites, enable two-step verification and verify unexpected messages, even if they appear to come from trusted contacts.
