Ghost Pairing: A New Way WhatsApp Accounts Get Hijacked

Dec 23, 2025
2 min read

You trust your phone. You trust your apps. And when a message pops up from someone you know you rarely question it. That’s exactly what attackers are counting on.

A new wave of account hijacking is abusing a completely legitimate feature inside WhatsApp and users often don’t realize anything is wrong until the damage is already done.

Attackers are hijacking WhatsApp accounts by abusing its device linking feature through social engineering, not by stealing passwords. Victims are tricked into entering a seemingly harmless code that quietly links an attacker’s device to their account.

How GhostPairing Works

The attack typically begins with a brief message that appears to come from someone the victim knows, containing a link that supposedly leads to a photo of them online. To make the lure more convincing, the link is presented as a familiar Facebook style content preview, lowering suspicion and encouraging a click.

The link then redirects the victim to a counterfeit Facebook page hosted on lookalike or misspelled domains, claiming that verification is required before the content can be viewed. This fake verification step quietly initiates WhatsApp’s device pairing process, prompting the victim to enter their phone number. Attackers use that information to trigger a legitimate device linking or login request, effectively granting themselves access to the account.

Attackers display a WhatsApp pairing code on a fake page while the victim receives a prompt to link a new device. Even though WhatsApp states what the request is for, users often miss the warning and enter the code, granting attackers full access without bypassing security.

Once linked, attackers can read messages in real time, access shared media, and impersonate the victim to spread scams. Many users never notice the added device, which allows criminals to monitor conversations unnoticed.

Takeaway 5 Steps to Stay Protected

Be skeptical of unexpected messages, even if they appear to come from someone you know, especially those urging you to view photos or click links.
Never enter verification or pairing codes unless you personally initiated the action inside the app.
Regularly check WhatsApp Settings → Linked Devices and remove anything you don’t recognize.
Enable two factor authentication to add a critical layer of protection against account takeover.
Slow down. If a message creates urgency or pressure, pause and verify before taking action.