WhatsApp users are being alerted to a new scam dubbed “GhostPairing” that deceives them into granting attackers access to their accounts. This latest threat, identified by cybersecurity firm Avast, is particularly dangerous as victims may not immediately realize they have been compromised.
In contrast to previous scams centered around password theft, this scam has the potential for more severe fraudulent activities. Security experts caution that scammers gaining access to private chats, voice notes, and photos create opportunities for impersonation, targeted scams, and extortion.
The scheme begins with the victim receiving a message from a trusted contact, typically claiming to have found their photo and including a link. Clicking on the link redirects the user to a counterfeit page resembling Facebook, prompting them to “verify” before viewing the image.
Unbeknownst to the user, this seemingly harmless verification process is part of WhatsApp’s device-linking procedure. By entering a valid pairing code, victims inadvertently link the attacker’s browser as a device, granting ongoing access to messages, media, and contacts without the need for a password change or account lock.
Once an account is compromised, the scammers use it to send messages to the victim’s contacts, perpetuating the scam organically. To safeguard against such attacks, users are advised to take preventive measures such as regularly checking and removing unfamiliar linked devices, treating requests to scan WhatsApp QR codes with suspicion, and enabling two-step verification while educating family and group chats about these risks.