The GhostPairing scam is spreading across India and tricks WhatsApp users into giving attackers access by misusing the Linked Devices feature.
Attackers pose as known contacts and share fake photo links, leading users to unknowingly share WhatsApp pairing codes.
Once linked, scammers can quietly read chats, access media and documents, and misuse data for fraud or further scams.
Online security threats show no signs of slowing down. This year has already seen a plethora of scams, and the GhostPairing attack is the latest addition. This attack is particularly dangerous because attackers do not rely on complex software hacks to break into accounts. Instead, they exploit trust and human error, with many users unknowingly giving away access to their own WhatsApp accounts. As reports of this attack continue to rise, it is becoming increasingly important for users to understand what is happening and learn how to protect their personal data. Here’s a simple breakdown of what a GhostPairing attack on WhatsApp is, why it is dangerous and how you can be protected.
SurveyWhat is a GhostPairing attack on WhatsApp?
The GhostPairing attack is a social trick that allows attackers to link their device to a victim’s WhatsApp account. The attack begins with the attacker disguising themselves as someone you know and sending you a WhatsApp message containing a malicious link. The message may sound like, ‘Hey, I just found a photo of yours,’ followed by a link. These links will usually end with extensions like the following:
- photobox[.]life
- postsphoto[.]life
- yourphoto[.]life
- photopost[.]live
- yourphoto[.]world
- top-foto[.]life
- fotoface[.]top
When you click the link, it takes you to a fake website that looks like a photo viewing page. The site then asks you to verify your identity by entering your phone number and the pairing code you received on WhatsApp.
Once you enter the code, you unknowingly grant the attacker’s device full access to your WhatsApp account. For WhatsApp, the code is simply the verification code the company sends you whenever you try to link your account to another device. In this attack, however, sharing it gives the attacker complete control over your account.
Also read: Apple iPhone 20 to launch with curved display and buttonless design: Here’s what we know
Why is this GhostPairing attack on WhatsApp extremely dangerous?
This type of attack is extremely dangerous in the sense that it does not breach the WhatsApp security system. Rather, it uses a trusted feature in WhatsApp. Once the hacker connects to your WhatsApp, they will be able to remain connected to your account without interfering with your conversations. This makes it extremely difficult to detect the presence of the hacker, in the sense that everything will appear to be working normally. Additionally, users often trust links shared by their friends or family, making this type of attack extremely difficult to detect.
Also read: Samsung Galaxy Z Fold 8 camera specs tipped ahead of launch: All details
What data is at risk in a GhostPairing attack
Once an attacker successfully links their device to your WhatsApp account, the exposure goes far beyond a few messages. Since this access is more or less like that of WhatsApp Web, the attacker can silently observe the activity over time and gather sensitive information without you being in the know. This may result in serious personal and financial implications, especially if you solely rely on WhatsApp for work or official communications.
Data that can be accessed shall include:
- Private chats and group conversations both messages that have already been sent and those that reach their recipient after the attack is launched.
- Photos and videos include personal images and could be shared in family or work groups.
- These voice notes and call-related information may lead to revealing the person’s tone, intent, or even personal details.
- Documents and files, such as IDs, office files, invoices, or bank-related documents shared on chats
- Lists of contacts and memberships in groups permit attackers to comprehend personal and professional networks.
- Daily communication patterns can help an attacker understand when you are most active, who you trust, and how you reply to messages.
- The gathered data may later be used to perpetrate scams, send fake messages, commit financial fraud, or launch more focused attacks.
How to be safe against GhostPairng attack on WhatsApp
Here are the simple steps you can follow to be safe against the GhostPairing attack.
- Check Linked Devices by opening WhatsApp and looking at the Settings for any devices that have been linked. Log out of any that look unfamiliar.
- Never enter pairing numbers unless you are trying to pair WhatsApp to your own computer or tablet.
- Use care when clicking on unexpected links, even when they come from familiar sources. A message like ‘See this photo’ triggers alarm. For example: This is what the ‘see this photo’ message looks like.
- Verify messages with a suspicious signature by another communication method, like a phone call or a different messaging app.
- Turn on two-step verification so that your account is more secure.
- Educate friends so they will not unwittingly distribute links with the same intent, e.g., malware distribution.
Follow Us
Bhaskar Sharma
Bhaskar is a senior copy editor at Digit India, where he simplifies complex tech topics across iOS, Android, macOS, Windows, and emerging consumer tech. His work has appeared in iGeeksBlog, GuidingTech, and other publications, and he previously served as an assistant editor at TechBloat and TechReloaded. A B.Tech graduate and full-time tech writer, he is known for clear, practical guides and explainers. View Full Profile
