WhatsApp scams have evolved far beyond fake lottery messages and suspicious APK files. A new attack method, called GhostPairing, shows how cybercriminals are now quietly slipping into accounts by misusing a feature that many of us use every day – device linking. Also Read: This WhatsApp Trick Can Hijack Your Account Silently: Here’s How You Can Stay Safe

What makes this attack unsettling is that it doesn’t involve password theft, SIM swapping, or malware. Instead, it tricks users into helping the attacker themselves. WhatsApp’s device-linking feature lets users connect their account to WhatsApp Web or desktop, making it easy to reply from a laptop or browser. It’s secure, encrypted, and designed for convenience. Also Read: WhatsApp Bans Nearly 10 Million Indian Accounts Every Month: Government Raises Concerns Over Misuse and Lack of Transparency

Instead of breaking encryption, attackers simply add themselves as a linked device, giving them direct access to the victim’s chats. Once that happens, end-to-end encryption doesn’t help – because the attacker is now a “trusted” device. Also Read: WhatsApp Is Testing Quiz Feature For Channels: Here’s How It Works

WhatsApp Ghostpairing: How the scam usually starts

The attack often begins with a casual message like, “Hey, I found your photo. Check this.”

The message usually appears to come from a known contact. The link inside looks like it belongs to Facebook or Meta, which adds a layer of trust. Once clicked, the page asks the user to enter their phone number to “verify” or “continue.”

Behind the scenes, attackers use that number to trigger WhatsApp’s device pairing request. However, users do miss that there are two common variations:

A QR code appears and the user is told to scan it

A numeric code is sent, and the user is asked to enter it inside WhatsApp

The second method is more effective. The victim sees a pairing prompt inside WhatsApp, enters the code, and assumes it’s a routine verification step. In reality, they’ve just linked the attacker’s browser to their account.

What attackers can do next

Once paired, attackers can:

Read new incoming messages

Download photos, videos, and voice notes

Impersonate the user in chats and groups

Send the same scam link to contacts

Collect personal data for future scams or extortion

All of this can happen before the victim realises anything is wrong.

How to stay safe

India’s Ministry of Electronics and Information Technology has already warned users about GhostPairing. However, a few simple habits can reduce the risk:

Trending Now

Don’t click unexpected links, even from known contacts

Never enter your phone number on external websites

Turn on Two-Step Verification in WhatsApp

Regularly check Settings → Linked Devices

Read pairing prompts carefully before approving anything

If you suspect your account was compromised, immediately log out of all linked devices and alert your contacts.