WhatsApp Scam Alert : How to Protect Yourself?

ISLAMABAD : Cybersecurity experts have warned of a new WhatsApp scam that exploits user trust to gain full access to accounts, without the need to hack passwords or break encryption.

Called “GhostPairing”, the scam relies on psychological deception rather than technical exploits. Attackers manipulate users into approving access themselves, effectively turning WhatsApp’s own security features against them.

The attack starts with message that appears to come from a trusted contact, a friend, family member, or someone the victim knows. The message usually contains a tempting link, often claiming to show the recipient’s photo.

Clicking the link leads to a fake Facebook login page, where users are asked to enter their phone number. Rather than logging in, the fake page triggers WhatsApp’s legitimate “Linked Devices” pairing feature and displays a pairing code. Users are then instructed to enter this code in their WhatsApp app.

Inadvertently, victims link their account to a device controlled by the attacker. No passwords are stolen and no encryption is broken, the users themselves grant access, which experts say makes the scam particularly dangerous.

Once linked, hackers can access messages, photos, videos, and voice notes in real time. They can also impersonate the victim, sending messages to their contacts and spreading the scam further.

Cybersecurity experts warn that many victims may not even realize their account has been compromised.

“Fraudsters are persuading people to grant access themselves. Scams like GhostPairing turn trust into a weapon.”

The threat is not limited to WhatsApp. Any platform using low-visibility device pairing systems could be vulnerable to similar attacks.

How to Check Your Account

WhatsApp users should immediately:

1. Open WhatsApp Settings
2. Go to Linked Devices
3. Review all connected devices
4. Remove any device you do not recognize

Experts say this simple check can prevent serious privacy breaches, highlighting the growing importance of user awareness as cyberattacks increasingly rely on deception rather than technical hacking.