WhatsApp users are being alerted to a new scam known as “GhostPairing” that deceives them into giving attackers access to their accounts. The threat, uncovered by cybersecurity company Avast, poses a significant risk because victims might not detect the breach for an extended period.
Unlike previous scams that primarily aimed at stealing passwords, this scam can result in more severe fraud. Security experts caution that scammers who gain access to private conversations, voice recordings, and images can use them for impersonation, targeted fraud schemes, and even extortion.
The scam begins when the victim receives a message from a trusted contact, usually something like “hey, I found your photo” along with a link. Clicking the link takes the user to a fake webpage resembling Facebook, which asks them to “verify” before viewing the image. However, this seemingly harmless verification step is actually part of WhatsApp’s device-linking process.
By entering a legitimate pairing code, victims unknowingly link the attacker’s browser to their account as a device, granting continuous access to messages, media, and contacts without the need for a password change or account lock. Once compromised, the account sends fraudulent messages to contacts, propagating the scam further.
To safeguard your WhatsApp account against such scams, regularly check Linked Devices in WhatsApp settings and remove any unfamiliar devices. Treat any website that asks you to scan a WhatsApp QR code or enter a pairing code with suspicion. Additionally, enable two-step verification and raise awareness of the scam among family and in group chats.