WhatsApp users are being alerted to a new scam known as “GhostPairing” that deceives them into giving hackers access to their accounts. This scam, recently identified by cybersecurity firm Avast, poses a significant threat as victims may be unaware of the breach for an extended period.

In contrast to previous scams targeting password theft, this scheme can result in more severe fraudulent activities. Security experts caution that the perpetrators gaining access to private conversations, voice recordings, and images create opportunities for identity theft, targeted scams, and potential extortion.

The scam unfolds with the victim receiving a message from a trusted contact, typically mentioning finding a photo and including a link. Clicking on the link redirects the user to a counterfeit webpage resembling Facebook, prompting them to “verify” to view the image. This seemingly innocent verification step is part of WhatsApp’s device-linking process.

By entering a valid pairing code as requested, victims unknowingly link the attacker’s browser as a device, granting ongoing access to messages, media, and contacts without the need for a password change or account lock. Once the account is compromised, it automatically sends misleading messages to contacts, perpetuating the scam organically.

To safeguard your WhatsApp account from potential pairing scams, it is recommended to regularly check and remove any unfamiliar linked devices in the Settings menu. Additionally, be cautious of any website requesting to scan a WhatsApp QR code or input a pairing code. Enabling two-step verification and educating your family and group chats about such scams are essential preventive measures.