WhatsApp users are being alerted to a novel “GhostPairing” scam that deceives them into granting unauthorized access to their accounts. Discovered recently by cybersecurity firm Avast, this new threat is particularly dangerous as victims might remain unaware of the breach for an extended period.
Unlike previous scams centered around password theft, this scam can result in more severe fraudulent activities. Security experts caution that the scammers’ ability to access private conversations, voice recordings, and images creates opportunities for impersonation, targeted fraudulent schemes, and potentially extortion.
The scam operates by sending the victim a message from a trusted contact, often claiming to have found a picture of the victim along with a link. Upon clicking the link, the user is directed to a fake webpage resembling Facebook, requesting them to “verify” before viewing the image.
However, this seemingly innocuous security measure is actually part of WhatsApp’s device-linking process. By entering a valid pairing code, victims unknowingly link the attacker’s browser as a device, granting them continuous access to messages, media, and contacts without the need for a password change or account lock.
Once an account is compromised, it automatically sends messages to contacts in the victim’s network, facilitating the spread of the scam organically.
To safeguard your WhatsApp account from potential pairing scams, consider the following preventive measures:
1. Review WhatsApp settings by navigating to Settings → Linked Devices and remove any unfamiliar connections.
2. Exercise caution when prompted by websites to scan a WhatsApp QR code or input a pairing code.
3. Implement two-step verification and raise awareness within family and group chats about such scams.
By adopting these steps, users can reduce the risk of falling victim to unauthorized access attempts on their WhatsApp accounts.
