Cybersecurity experts have issued an urgent warning about a new WhatsApp scam exploiting user trust and access accounts without hacking passwords.
The newly identified scam, called GhostPairing, relies on psychological manipulation instead of technical vulnerabilities, making it harder for users to detect and easier for attackers to succeed unnoticed.
Experts explained that attackers trick victims into approving access themselves, misusing WhatsApp’s legitimate security feature known as Linked Devices to silently compromise accounts.
The scam usually begins with a message appearing to come from a trusted contact, such as a friend or family member, encouraging users to click a tempting link.
Visit Times of Karachi website for the latest news-related content
In most cases, the message claims to show a personal photo or important content, prompting curiosity and lowering suspicion before the victim clicks the link.
Once clicked, users are redirected to a fake Facebook login page, which asks for a phone number instead of login credentials.
Rather than logging in, the fake page activates WhatsApp’s real Linked Devices pairing process and displays a pairing code on screen.
Victims are instructed to enter this code into their WhatsApp application, unknowingly linking their account to a device controlled by the attacker.
Cybersecurity specialists stressed that no password is stolen and no encryption is broken, making the attack especially dangerous and difficult to trace.
READ: Gmail users can now change their email address under Google’s new update
By approving the pairing, users themselves grant full access to their WhatsApp account, allowing hackers to monitor conversations in real time.
Once access is gained, attackers can read messages, download photos and videos, listen to voice notes, and impersonate the victim convincingly.
Hackers often use the compromised account to message the victim’s contacts, spreading the scam further and increasing its reach rapidly.
Experts warn that many victims remain unaware their account has been compromised, as WhatsApp continues functioning normally on their phone.
Security analysts described GhostPairing as a growing trend where fraudsters weaponize trust rather than relying on technical hacking skills.
Follow the Times of Karachi channel on WhatsApp
They cautioned that similar scams could affect other platforms that use device pairing systems with limited visibility for users.
How to secure WhatsApp account
To stay protected, WhatsApp users are advised to regularly review their linked devices through application settings.
Users should open WhatsApp settings, navigate to Linked Devices, and immediately remove any unfamiliar or suspicious connections.
Experts emphasize that this simple step can prevent major privacy breaches and limit the damage caused by unauthorized access.
They further recommend avoiding unknown links, verifying unusual messages with contacts, and staying alert to social engineering tactics.
