Hyderabad: On December 21, VC Sajjanar, Hyderabad’s police commissioner, issued a warning about a new scam called “Ghost pairing” on WhatsApp.
This scam takes advantage of WhatsApp’s device-linking feature. It allows attackers to access a victim’s account without needing a password, OTP, or SIM swap. Sajjanar shared this warning on the platform X.
He cautioned, “If you get a message like, ‘Hey, I just found your photo’ with a link, do not click it, even if it seems to come from someone you know.”
Clicking the link redirects users to a fake webpage that looks like Facebook or WhatsApp Web. It asks them to “verify” their identity. This action starts the official device-pairing process of WhatsApp, giving the attacker full access to the victim’s account, Sajjanar explained.
GhostPairing doesn’t break WhatsApp’s security. Instead, it uses social engineering to trick victims into approving the attacker’s device, making it hard to detect, according to a cyber security expert.
Once an account is compromised, scammers send the malicious link to the victim’s contacts and groups. Messages from known contacts are more likely to be clicked, spreading the scam quickly without obvious signs.
To protect themselves, users should regularly check the Linked Devices section in WhatsApp and remove any unfamiliar connections. Be cautious of any message asking for pairing codes, QR codes, or account verification through external sites.
