WhatsApp users are being alerted to a new scam known as “GhostPairing” that deceives them into granting unauthorized access to their accounts. This emerging threat was recently identified by cybersecurity company Avast and is particularly dangerous because victims may not detect the breach for an extended period.
Unlike previous scams that primarily aimed at stealing passwords, this scam has the potential to lead to more severe instances of fraud. Security experts caution that the scammers gaining access to private conversations, voice messages, and images can result in impersonation, targeted scams, and even extortion.
The scam typically starts with the victim receiving a message from a familiar contact informing them about a found photo along with a hyperlink. Upon clicking the link, the user is directed to a counterfeit webpage resembling Facebook, prompting them to “verify” their identity before viewing the image.
However, this seemingly innocent security measure is actually part of the WhatsApp device-linking process. By inputting a valid pairing code, victims unknowingly link the attacker’s browser as a device, granting continuous access to messages, media, and contacts without necessitating a password alteration or account lock.
Once an account is compromised, it automatically dispatches messages to contacts in the victim’s network, perpetuating the scam organically. To safeguard against such scams, users are advised to regularly check their WhatsApp settings for linked devices and remove any unfamiliar ones, treat requests to scan QR codes or enter pairing codes with suspicion, and enable two-step verification while raising awareness among family and group chats.