WhatsApp users need to be cautious of a newly identified scam dubbed “GhostPairing” that deceives them into granting unauthorized access to their accounts. The cybersecurity company Avast uncovered this latest threat, which poses a significant risk as victims might remain unaware of the breach for an extended period.
Unlike previous scams that primarily aimed at stealing passwords, this scheme can result in more severe fraudulent activities. Security experts highlight that the scammers gaining access to private conversations, voice messages, and images can lead to impersonation, targeted scams, and extortion.
The scam typically begins with the victim receiving a message from a trusted contact claiming to have found their photo, accompanied by a link. Upon clicking the link, users are directed to a counterfeit webpage resembling Facebook, prompting them to “verify” their identity to view the image. However, this seemingly harmless verification process is part of WhatsApp’s device-linking procedure.
By entering a valid pairing code as requested, victims inadvertently link the attacker’s browser as a connected device, granting continuous access to messages, media, and contacts without the need for a password change or account lock. Once an account is compromised, the scam propagates by sending messages to the victim’s contacts and groups.
To safeguard your WhatsApp account from potential pairing scams, follow these preventive measures:
1. Regularly check your WhatsApp settings, specifically Linked Devices, and remove any unfamiliar connections.
2. Approach any website request to scan a WhatsApp QR code or input a pairing code with suspicion.
3. Activate two-step verification and raise awareness among your family and group chats about such scams.