Cybersecurity Experts Warn of WhatsApp GhostPairing Scam Hijacking Accounts Using Device Pairing and Social Engineering
A new WhatsApp scam called GhostPairing is hijacking accounts through device-linking tricks, letting attackers access messages without passwords or OTPs, highlighting rising WhatsApp hacking risks, social engineering attacks and the urgent need for stronger account security.
A new and highly deceptive scam targeting WhatsApp users has been discovered, and cybersecurity experts describe it as one of the most harmful tactics observed so far. Called GhostPairing, it does not use traditional account-hacking methods. Instead, it abuses WhatsApp's device-linking feature to secretly take over a user's account.
What makes this scam particularly dangerous is that the attackers do not need your password, SIM card, OTP, or verification code. The entire attack relies on social engineering: users are deceived into approving the attacker's device without realising it.
How this scam takes over WhatsApp accounts
According to cybersecurity researchers, the scam often starts with a simple and friendly message from a trusted contact. Messages like “Hey, I found your photo” or “Is this you?” are sent along with a link. Because the message comes from someone familiar, many users click it without suspicion. The link opens a fake webpage that looks like a Facebook photo viewer. Before showing the image, the page asks the user to “verify” their identity. At this stage, the scam secretly activates WhatsApp’s official linked device pairing process. Users are asked to enter their phone number, after which WhatsApp generates a numeric pairing code.
The fake page then instructs the user to enter this code inside WhatsApp, presenting it as a normal security step. Once the code is entered, the attacker’s device gets linked to the victim’s account. From that moment, the hacker can read messages, download photos and videos, send messages as the user and receive new chats in real time.
The most dangerous part is that the victim’s phone continues to work normally. There are no alerts, no login warnings and no signs of hacking. This makes the scam very hard to notice. The linked device stays active until the user manually removes it.
Why the scam spreads fast and how users can stay safe
Experts say the scam spreads quickly because compromised accounts are used to send the same fake links to contacts and group chats. The links therefore travel as a chain reaction inside trusted networks rather than arriving as random spam messages. Cybersecurity researchers stress that GhostPairing does not break WhatsApp encryption or exploit software bugs. Instead, it abuses a legitimate feature and human trust, which makes it more alarming.
To stay safe, users should regularly check WhatsApp Settings > Linked Devices and remove any unknown devices. Never enter pairing codes or scan QR codes from websites or messages. Enabling two-step verification adds extra protection. Most importantly, users should pause and verify unexpected links, even if they come from known contacts.
As online scams continue to evolve, staying alert is the best defence. GhostPairing shows how simple actions can lead to serious account takeovers if users are not careful.
This article is based on information from The Mint