A New WhatsApp Scam: The "Ghost Pairing" Threat
A sophisticated scam method known as "Ghost Pairing" is allowing attackers to gain unauthorized access to WhatsApp accounts. Rather than hacking the platform, this technique exploits WhatsApp's legitimate multi-device pairing feature by tricking users into linking their account to a device controlled by the attacker.
How the Scam Unfolds
The attack is deceptively simple, starting with a message that appears to come from a known contact.
- The Hook: The message contains a link, often framed as a request to do something benign, such as voting for a contest entry or viewing a private photo.
- The Trap: Clicking the link leads to a phishing page that mimics a legitimate social media site—most commonly a Facebook login screen.
- The Execution: The page prompts the user to log in or "verify their device." Approving this action effectively pairs the user's WhatsApp account to the attacker's device.
- The Result: Once paired, the attacker can silently download the victim's messages, photos, and contact list without any further interaction.
How to Protect Yourself
"The scam is highly effective because it relies on social engineering rather than technical hacking. Over 90% of such scams are driven by social engineering and involve interactions between devices and browsers." — Stephen Kho, Security Expert at Avast
Because this attack exploits human trust rather than technical vulnerabilities, prevention relies on awareness and vigilance.
- Scrutinize URLs: Scammers cannot use real domain names for platforms like Facebook, Meta, or WhatsApp. Look for misspelled or nonsensical variants (e.g., "WhatsApppp" or "Faceb00k") — these are a clear red flag.
- Verify Suspicious Links: If a message from a known contact contains a link that seems out of character, verify with the sender using another method (SMS or phone call) before clicking.
- Check Linked Devices Regularly: Go to WhatsApp's "Linked Devices" section to review all devices paired to your account. If you see any unrecognized device, remove it immediately.
By following these steps, users can neutralize the "Ghost Pairing" threat before it takes hold.
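The "Scrutinize URLs" check can also be automated, for example in a mail or chat gateway. The sketch below is an added example, not code from WhatsApp, Avast or the original article; the allow-list, the character-swap table and the sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list for this example: the platforms' real registrable domains.
OFFICIAL = ("facebook.com", "meta.com", "whatsapp.com")
BRANDS = ("facebook", "meta", "whatsapp")
# Digit-for-letter swaps commonly used in lookalike names.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def skeleton(token: str) -> str:
    """Comparison form: undo swaps, keep letters, collapse repeated letters."""
    s = re.sub(r"[^a-z]", "", token.lower().translate(SWAPS))
    return re.sub(r"(.)\1+", r"\1", s)


BRAND_SKELETONS = [(skeleton(b), b) for b in BRANDS]


def classify(url: str) -> str:
    """Return 'official', 'lookalike:<brand>', 'unrelated' or 'invalid'."""
    if "://" not in url:
        url = "//" + url  # let urlsplit parse a link pasted without a scheme
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Only the exact domain or a true subdomain of it counts as official.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Compare every dot- and hyphen-separated token against each brand.
    for token in re.split(r"[.-]", host):
        sk = skeleton(token)
        for brand_sk, brand in BRAND_SKELETONS:
            # Short brands must match a whole token ("metadata" is not "meta");
            # longer ones also match when embedded ("notwhatsapp").
            if sk == brand_sk or (len(brand_sk) >= 6 and brand_sk in sk):
                return f"lookalike:{brand}"
    return "unrelated"
```

A "lookalike" result is a heuristic signal for review, not proof of phishing, and this sketch does not handle internationalized (punycode) hostnames.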