GhostPairing is the latest scam on the block that is currently troubling WhatsApp users. It allows attackers to gain access to a victim’s account without any OTPs, without stealing passwords, and without SIM swaps. This happens because the victim unknowingly grants access to the attacker. Ghost Pairing relies on social engineering to trick users into approving a malicious device.
The Government of India has now issued a warning about this threat. The advisory comes from the Indian Computer Emergency Response Team (CERT-In), which operates under the Government of India. CERT-In has warned users about WhatsApp’s device-linking feature and how attackers are using it to take complete control of accounts.
CERT-In said it has been reported that malicious actors are exploiting WhatsApp’s device-linking feature to hijack accounts using pairing codes without an authentication requirement. This newly identified cyber campaign, called Ghost Pairing, enables cybercriminals to take complete control of WhatsApp accounts without needing passwords or SIM swaps, the CERT-In advisory noted.
Also Read: GhostPairing explained: New WhatsApp scam that many are falling for
GhostPairing: Key takeaways
The advisory also explains how users are tricked into falling for this scam. According to CERT-In, victims may receive a message saying, “Hi, check this photo”, which could come from an actual trusted contact, or at least appear to be from one. The message may include a Facebook-style preview, making it look legitimate.
When the user clicks on the link, they are redirected to a page that asks them to verify their identity to view the photo. This is how attackers gain access to the victim’s WhatsApp account. The page triggers WhatsApp’s “Link a device via phone number” feature.
Once the user unknowingly approves this request, the attacker’s browser becomes a trusted device, effectively linking it to the victim’s WhatsApp account and allowing the attacker to take control.