Your WhatsApp may be hacked without OTP: Here’s how GhostPairing scam works

A new WhatsApp scam called GhostPairing can let hackers spy on your chats without OTPs or SIM swaps, while your app keeps working as normal. It starts with an innocent-looking link. One click could silently give scammers full access.

Post Published By: Sujata Biswal
Updated: 21 December 2025, 5:17 PM IST

New Delhi: WhatsApp, one of India’s most widely used messaging platforms, has become the latest target of cybercriminals using a new and dangerous hacking technique called the GhostPairing scam. Cybersecurity experts warn that this method can give hackers access to a user’s WhatsApp account within minutes, often without the victim realizing anything is wrong.

What Is the GhostPairing Scam?

GhostPairing is a sophisticated hacking method that exploits WhatsApp’s legitimate “Linked Devices” feature. Instead of stealing passwords, SIM cards, or one-time passwords (OTPs), scammers trick users into unknowingly linking a hacker’s device to their WhatsApp account. Once linked, the attacker gains full access to chats and media.

The vulnerability was flagged by global cybersecurity firm Gen Digital, which noted that users often fall for the scam without suspecting foul play.

How the Scam Usually Begins

The scam typically starts with a message that appears to come from a known contact, making it seem trustworthy. The message often reads something like, “Hey, I found your photo!” and includes a suspicious link. Since it comes from someone familiar, users are more likely to click it.

Step-by-Step: How Hackers Take Control

After clicking the link, users are redirected to a fake website designed to look like a photo viewer or social media page. The site asks them to confirm their identity by entering their phone number. Shortly after, WhatsApp sends a genuine device-pairing code to the victim. When this code is entered on the fake site, the hacker’s device gets linked instantly.

From that moment, attackers can secretly access WhatsApp Web tied to the victim’s account.

What Hackers Can Do After Gaining Access

Once inside, hackers can read private chats, download photos, videos, and documents, send messages to contacts and groups, and receive real-time message notifications. The most dangerous part is that WhatsApp continues to work normally on the victim’s phone, making the breach almost impossible to detect.

Why GhostPairing Is Especially Dangerous

Unlike traditional scams, GhostPairing does not involve SIM swapping or OTP theft, making it harder to trace. The scam can also spread automatically through the victim’s contacts and groups, increasing its reach. It was first detected in the Czech Republic, and experts fear it could spread globally, including to India.

How to Stay Safe

To protect yourself, avoid clicking on suspicious links, even from known contacts. Never enter WhatsApp pairing or verification codes on any website. Regularly check the “Linked Devices” section in WhatsApp settings and remove unfamiliar devices immediately. Staying alert is the best defense against this silent cyber threat.

Location: New Delhi

Published: 21 December 2025, 5:17 PM IST