India’s premier cybersecurity agency, CERT-In (Indian Computer Emergency Response Team), along with the Ministry of Electronics and Information Technology (MeitY), has issued a high-severity advisory regarding a sophisticated new cyber-threat called "GhostPairing." Unlike traditional hacking methods that rely on stealing passwords or intercepting OTPs, GhostPairing exploits WhatsApp’s "Linked Devices" feature to silently hijack accounts, allowing attackers to mirror your chats in real-time.
The "I Found Your Photo" Trap: How it Works
The scam typically begins with a deceptive message from what appears to be a trusted contact. The modus operandi involves:
The Lure: You receive a message saying, "Hi, check this photo" or "Hey, I just found your photo!" accompanied by a link that shows a Facebook-style preview.
The Fake Verification: Clicking the link takes you to a professional-looking "verification" page (often using Facebook branding). You are asked to enter your phone number to "view the content."
The Invisible Link: Once you enter your number, the attacker initiates a "Pair with Phone Number" request on their own device. You then receive a legitimate 8-digit pairing code on your WhatsApp.
The Hijack: The fake website prompts you to enter this code into your WhatsApp to "confirm your identity." The moment you enter the code, you are effectively granting the hacker's browser permission to link to your account as a "trusted device."
Why "GhostPairing" is Dangerous
The name "Ghost" refers to the stealthy nature of the attack.
Invisible Monitoring: The attacker can read all incoming and outgoing messages, view media, and download contacts without logging you out of your primary phone.
Spreading the Virus: Once a hacker has access, they send the same "photo link" to all your contacts and groups, making the scam spread like wildfire through trusted circles.
Data Theft: Hackers can harvest sensitive personal information for extortion, financial fraud, or "Digital Arrest" scams.
Government & CERT-In Safety Guidelines
Authorities have urged citizens to stay vigilant and follow these immediate security steps:
Audit Linked Devices: Open WhatsApp > Settings > Linked Devices. If you see any unrecognized device (e.g., "Chrome on Linux" or "Windows" that you didn't authorize), log out immediately.
Enable Two-Step Verification: Set up a 6-digit PIN (Settings > Account > Two-Step Verification). This acts as a secondary wall even if someone tries to link your device.
Be Skeptical of Links: Never click on links promising "photos of you" or "lottery wins," even if they come from friends. Always call the sender to verify if they actually sent the link.
Report Fraud: If you fall victim to this scam, report it immediately on the national cybercrime portal at www.cybercrime.gov.in or call 1930.