How to protect your WhatsApp account from GhostPairing scam
The GhostPairing scam is a new technique attackers use to gain access to WhatsApp accounts without stealing passwords, OTPs, or SIM cards. Below are 10 clear points explaining how you can protect your account from this silent takeover method.
Know how the GhostPairing scam works GhostPairing relies on social engineering, not hacking. Scammers trick users into linking an attacker’s device to their account using WhatsApp’s legitimate “Linked Devices” feature. Once approved, the attacker gains ongoing access.
Be alert to casual messages with links The scam often begins with a short, vague message such as “I found your photo” or “Is this you?” sent from a known contact. The familiarity lowers suspicion and increases the chance of clicking the link.
Avoid clicking links that ask for verification Any link that claims you need to “verify” your account before viewing a photo or document should be treated as suspicious. WhatsApp does not require verification steps to open shared media.
Never enter WhatsApp pairing codes on websites WhatsApp allows device linking via QR codes or numeric pairing codes, but these should only be used inside the app when you are intentionally adding a new device. Websites asking for such codes are part of the scam.
Regularly check Linked Devices Open WhatsApp and go to Settings → Linked Devices. Review the list carefully. If you see any browser or device you don’t recognise, log it out immediately to remove hidden access.
Enable Two-Step Verification Turn on Two-Step Verification from Settings → Account → Two-Step Verification. This adds an extra PIN layer and strengthens account security against future misuse or recovery attempts by attackers.
Watch for unusual behaviour from contacts If a contact sends the same vague message repeatedly or shares suspicious links across multiple chats, their account may already be compromised. Avoid engaging with such messages.
Log out from all devices if unsure If you suspect your account may have been affected, use the “Log out from all devices” option in Linked Devices. This action instantly disconnects all connected browsers and devices except your phone.
Share awareness to limit the spread GhostPairing spreads through trust. Informing family members, colleagues, and group chats about this scam can prevent further victims and stop the chain from continuing.
