Cybersecurity experts have issued a warning about a sophisticated new scam targeting WhatsApp users. Dubbed “GhostPairing,” this attack exploits user trust to gain full access to the account. Crucially, it does not crack passwords or break encryption; instead, it manipulates users into granting access themselves.
The scam represents a shift in cybercriminal tactics. It relies on psychological deception rather than technical exploits, effectively turning WhatsApp’s own security features against its users.
How the ‘GhostPairing’ Scam Works
The attack begins with a deceptive message. It appears to come from a trusted contact—a friend, family member, or known acquaintance. The message typically includes an enticing link that claims to show a photo of the recipient or other compelling content.
Step 1: The Fake Login Page
Clicking the link directs the user to a counterfeit Facebook login page. The page prompts the user to enter their phone number. Rather than logging the user into Facebook, submitting the number triggers a legitimate WhatsApp process in the background.
Step 2: Weaponising Device Pairing
The fake page activates WhatsApp’s “Linked Devices” pairing feature. It then displays a genuine QR pairing code on the screen. The user is instructed to enter this exact code in their WhatsApp app under the “Link a Device” setting.
Step 3: Unwittingly Granting Access
By following these instructions, the victim manually links their WhatsApp account to an attacker-controlled device. No passwords are stolen, and end-to-end encryption remains unbroken. The user voluntarily grants the attacker full, real-time access to their account.
Once linked, the attacker gains significant control. They can access all messages, photos, videos, and voice notes in real time. The hacker can also impersonate the victim, sending messages to their contacts to spread the scam further within trusted networks.
Experts emphasise the particular danger of this method. “Fraudsters are persuading people to grant access themselves. Scams like GhostPairing turn trust into a weapon,” explained one cybersecurity analyst. Many victims may not realise their accounts have been compromised, as the scam leaves no obvious trace of a traditional breach.
Immediate Action: How to Check Your WhatsApp Security
WhatsApp users are urged to review their linked devices immediately. This simple check can identify and revoke unauthorised access.
Follow these steps:
- Open your WhatsApp application.
- Go to Settings (the gear icon).
- Select Linked Devices.
- Carefully review all connected devices and their last active times.
- Remove any device you do not recognise by tapping on it and selecting ‘Log Out’.
The ‘GhostPairing’ threat highlights a vulnerability beyond WhatsApp. Any digital platform that uses similar low-visibility device-pairing or multi-factor authentication systems could be susceptible to the same kind of social engineering attack.
This scam underscores a critical trend in cybersecurity. Attacks increasingly rely on human deception rather than pure technical skill. Protecting accounts now requires heightened user awareness and vigilance, not just strong passwords. Regularly auditing linked devices and being sceptical about unexpected links, even from known contacts, are essential digital hygiene.