"Ghost pairing": Fraudsters read all your chats in this new WhatsApp trap
Martin Abgottspon
20.1.2026
With "ghost pairing", fraudsters obtain data in the name of accounts that have already been hacked.
Gemini @blue News
Criminals exploit a convenient WhatsApp function to completely hijack profiles. Here's what you need to know about ghost pairing to avoid falling into the trap.
20.01.2026, 09:00
20.01.2026, 11:58
No time? blue News summarizes for you
Fraudsters hijack WhatsApp accounts by using phishing sites to trick users into approving the official "link devices" function.
Once connected, attackers read messages, contacts and bank details unnoticed, while the app appears to continue running normally for the victim.
You should therefore be particularly vigilant with linking requests and QR codes in WhatsApp.
An eight-digit code on the display, a supposed confirmation of your identity and the trap snaps shut. While the user thinks they are simply answering a security query from WhatsApp or a friend, a stranger is already navigating through the most intimate chat histories in the background.
The maneuver, which security experts refer to as "ghost pairing", is not based on a technical vulnerability in WhatsApp's code, but on the perfidious manipulation of the user. The attackers use phishing messages that look deceptively real to lure their victims to prepared websites. These messages often reach the victims via already compromised accounts from their own circle of acquaintances or under the guise of official notifications from social platforms.
There, the fraudsters ask the victim to confirm their telephone number. As soon as the victim discloses it, the criminals trigger the official device linking function. WhatsApp then generates a linking code, which the criminals display on their fake page. Anyone who enters this code or carelessly confirms a corresponding pairing request in their own app loses control of their data.
How to protect yourself from ghost pairing
Never confirm a pairing request or an eight-digit code in your WhatsApp app if you have not started this process yourself at that very moment.
Only scan QR codes to log in to WhatsApp Web on the official website web.whatsapp.com and never on websites that have been sent to you via a link in a message.
Be extremely skeptical if a messenger message or SMS asks you to "verify" your phone number on an external website.
Regularly check the list of registered sessions in your WhatsApp settings under "Linked devices". Immediately delete any device that you cannot clearly assign.
Set up an additional PIN in the account settings, as this represents an additional barrier that makes it much more difficult for attackers to take full control of your account.
The special thing about this scam is that it is both invasive and inconspicuous. After successful pairing, WhatsApp synchronizes all messages, media and contacts to the perpetrator's device. As the messenger continues to run on the victim's smartphone without interruption, the digital break-in often remains undetected for a long time.
The haul for the perpetrators is considerable, as the data obtained enables comprehensive identity theft. The chat histories often contain carelessly shared bank details or email addresses that can be used directly for financial exploitation. In addition, the hijacked account immediately serves as a new base for spreading the phishing wave to all of the victim's contacts, exploiting the relationship of trust within the social network for further attacks.