Ghosts Of WhatsApp! How GhostPairing Hijacks Accounts Without You Noticing: What Should You Do?

WhatsApp scams have evolved far beyond fake lottery messages and suspicious APK files. A new attack method, called GhostPairing, shows how cybercriminals are now quietly slipping into accounts by misusing a feature that many of us use every day – device linking. Also Read: Why is this country banning WhatsApp? Here’s what’s happening

What makes this attack unsettling is that it doesn’t involve password theft, SIM swapping, or malware. Instead, it tricks users into helping the attacker themselves. WhatsApp’s device-linking feature lets users connect their account to WhatsApp Web or desktop, making it easy to reply from a laptop or browser. It’s secure, encrypted, and designed for convenience. Also Read: Want WhatsApp on Two Phones? Follow These Steps

Instead of breaking encryption, attackers simply add themselves as a linked device, giving them direct access to the victim’s chats. Once that happens, end-to-end encryption doesn’t help – because the attacker is now a “trusted” device. 

WhatsApp Ghostpairing: How the scam usually starts

The attack often begins with a casual message like, “Hey, I found your photo. Check this.”

The message usually appears to come from a known contact. The link inside looks like it belongs to Facebook or Meta, which adds a layer of trust. Once clicked, the page asks the user to enter their phone number to “verify” or “continue.”

Behind the scenes, attackers use that number to trigger WhatsApp’s device pairing request. However, users do miss that there are two common variations:

• A QR code appears and the user is told to scan it
• A numeric code is sent, and the user is asked to enter it inside WhatsApp

The second method is more effective. The victim sees a pairing prompt inside WhatsApp, enters the code, and assumes it’s a routine verification step. In reality, they’ve just linked the attacker’s browser to their account.

What attackers can do next

Once paired, attackers can:

• Read new incoming messages
• Download photos, videos, and voice notes
• Impersonate the user in chats and groups
• Send the same scam link to contacts
• Collect personal data for future scams or extortion

All of this can happen before the victim realises anything is wrong.

How to stay safe

India’s Ministry of Electronics and Information Technology has already warned users about GhostPairing. However, a few simple habits can reduce the risk:

Add Techlusive as a Preferred Source

• Don’t click unexpected links, even from known contacts
• Never enter your phone number on external websites
• Turn on Two-Step Verification in WhatsApp
• Regularly check Settings → Linked Devices
• Read pairing prompts carefully before approving anything

If you suspect your account was compromised, immediately log out of all linked devices and alert your contacts.