If you think WhatsApp hacks always involve stolen OTPs, SIM swaps, or malware, it’s time to update that belief. A new scam called GhostPairing is doing the rounds, and it’s far more unsettling because it doesn’t break the system at all. It simply convinces users to open the door themselves.
Cybersecurity researchers have flagged GhostPairing as a sophisticated social engineering attack that abuses WhatsApp’s device-linking feature. No passwords are stolen. No SIM cards are cloned. No codes are intercepted. Yet attackers still end up with full access to a victim’s WhatsApp account.
The scariest part? Most users don’t realise anything is wrong.
How GhostPairing works and why it’s so hard to spot
GhostPairing doesn’t rely on technical loopholes. It relies on trust.
The attack usually begins with a message that looks harmless and familiar. Something like, “Hey, I just found your photo!” The message often comes from someone the victim already knows, because their account may already be compromised. The link in the message opens a webpage that looks like a Facebook-style photo preview. Nothing flashy. Nothing suspicious at first glance. To “view” the image, users are prompted to verify their identity.
Here’s where the trick happens. The fake page quietly triggers WhatsApp’s legitimate device-linking process. The user is asked to enter their phone number. WhatsApp then generates a numeric pairing code, exactly as it would when linking WhatsApp Web or another device.
The scam page instructs the user to enter this code inside WhatsApp, framing it as a routine security step. Once the code is entered, the attacker’s device is approved. Just like that, the hacker is inside.
They can read chats, download media, send messages as the victim, and receive new messages in real time. Meanwhile, the victim’s phone continues to work normally. No alerts. No forced logout. No obvious red flags. That’s what makes GhostPairing especially dangerous.
Why this WhatsApp scam spreads so quickly
Unlike spam-heavy scams, GhostPairing spreads through trust networks.
Once an account is compromised, attackers use it to send the same deceptive links to contacts and group chats. People are far more likely to click a link sent by a friend than one from an unknown number.
Cybersecurity experts note that the attack doesn’t weaken WhatsApp’s encryption or exploit bugs. It uses the app exactly as designed. Linked devices remain connected until manually removed, meaning attackers can stay hidden for long periods if users don’t check their settings.
The campaign was first detected in parts of Europe, but researchers warn it can easily spread globally. Any WhatsApp user is a potential target. This raises a bigger question: are users truly aware of what “linking a device” actually means?
How to protect yourself from GhostPairing
Staying safe isn’t complicated, but it does require awareness. Start by checking WhatsApp Settings > Linked Devices regularly. If you see a device you don’t recognise, remove it immediately.
Never enter pairing codes or scan QR codes on websites or links sent through messages, even if they come from known contacts. Enable two-step verification on WhatsApp. While it won’t stop GhostPairing entirely, it adds another layer of protection.
Most importantly, pause before clicking. Scammers thrive on urgency and curiosity. A few seconds of caution can save months of damage. GhostPairing is a reminder that modern cyber threats aren’t always technical. Sometimes, they’re psychological.
This scam doesn’t hack WhatsApp. It hacks human behaviour. As messaging apps grow more powerful, understanding how features work becomes just as important as using them. In the age of trust-based attacks, awareness is your strongest firewall.
FAQs
What is the GhostPairing scam?
GhostPairing is a WhatsApp scam that tricks users into linking a hacker’s device to their account using the official device-pairing feature.
Does GhostPairing steal passwords or OTPs?
No. The scam works without stealing passwords, SIM cards, or verification codes.
How can I check if my WhatsApp is compromised?
Go to Settings > Linked Devices and look for unfamiliar devices. Remove any suspicious sessions immediately.
Can two-step verification prevent this scam?
It helps improve overall security but does not completely block GhostPairing if users approve pairing themselves.
Is WhatsApp fixing this issue?
The feature works as designed, so user awareness remains the primary defence at the moment.
