Cybersecurity authorities worldwide are sounding the alarm after a new scam campaign known as GhostPairing emerged, targeting WhatsApp users and putting millions of accounts at risk. The sophisticated attack exploits WhatsApp’s multi-device linking feature, allowing cybercriminals to hijack accounts without requiring passwords, OTPs, or SIM swaps.
According to the Indian Computer Emergency Response Team (CERT‑In), the GhostPairing scam is of high severity, with attackers using social engineering tactics to trick users into linking a malicious device to their WhatsApp account. The campaign typically begins with a seemingly legitimate message, often appearing to come from a trusted contact, prompting users to click a link. This link directs victims to a counterfeit page designed to collect device pairing codes, which are normally used to authorize WhatsApp on new devices.
Once the attacker’s device is linked, they gain silent access to the account, enabling them to read messages, view shared media, impersonate the user, and potentially spread the scam to the victim’s contacts. Unlike traditional hacking attempts, this method does not trigger standard security alerts, leaving victims unaware that their account has been compromised.
Authorities have reported a surge in GhostPairing incidents in India, prompting CERT‑In and local police to issue urgent warnings. Residents are advised to be cautious when clicking links received via WhatsApp, even if the message appears to come from someone they know. Users should avoid entering phone numbers or verification codes on external websites, monitor linked devices through the app, and enable two-step verification to strengthen account security.
Meta, WhatsApp’s parent company, has yet to release a dedicated fix for GhostPairing, though the company continues to enhance security features aimed at protecting accounts from unauthorized access. Experts emphasize that user awareness and vigilance remain the first line of defense against this stealthy form of account hijacking.
The GhostPairing threat highlights the fine balance between convenience and security in messaging apps. While multi-device support offers flexibility, it also opens potential avenues for exploitation when combined with sophisticated social engineering tactics. Cybersecurity specialists warn that as attackers become more adept, ongoing education and cautious behavior are crucial to safeguarding personal communications.
Discover More WhatsApp Introduces Passkey-Encrypted Backups for Easier and Safer Access
Discover more from Phoonomo
Subscribe to get the latest posts sent to your email.
