Criminals might use ‘GhostPairing’ to hijack your WhatsApp account – here’s how to stop them

  • A new WhatsApp scam called 'GhostPairing' has been discovered
  • This tricks users into giving a criminal access to their account
  • The attacker can then commit identity theft and scam others

There’s no shortage of ways that hackers and other criminals will attempt to gain access to online accounts, but now another has just been discovered, and this specifically relates to WhatsApp.

Gen Digital (via Bleeping Computer) has discovered a WhatsApp account takeover approach that it’s dubbing ‘GhostPairing’ – and when a criminal successfully carries this out, it gives them full access to your WhatsApp account, potentially without you even realizing. So it’s worth knowing what to look out for.

The attempt starts with the victim being sent a message from one of their contacts, generally saying something like “Hey, I just found your photo”, followed by a link. That link will appear with a Facebook-like preview, as you can see in the image below, but the link itself won’t actually take you to Facebook.

A GhostPairing WhatsApp scam message (Image credit: Gen Digital)

Instead, it will take you to a page hosted by the criminals that’s designed to look like Facebook, and will ask you to log in to your account before you can see the content.

That process will involve providing your phone number and then either scanning a QR code or entering a numeric code into WhatsApp, but in either case, what it’s actually doing is using WhatsApp’s device linking function to link the criminal’s device to your WhatsApp account.

During this process, your WhatsApp account should alert you that another device is attempting to access your account, which will hopefully be enough of a red flag for most people, but inevitably some will miss this.

Those who do follow the steps on the fake Facebook page will give the criminal full access to their WhatsApp account from a linked device – that includes conversation histories, shared media, and of course the ability to message a user’s contacts.

A GhostPairing scam page imitating Facebook (Image credit: Gen Digital)

With this, the attacker can attempt to impersonate a user and commit fraud or extortion, and of course they can also then play the same trick on any of the user’s contacts.

If they’re careful enough, they could even remain unnoticed in the user’s account for a long time.

Remove and prevent access

There is a way to check whether this has happened to you – just open WhatsApp and head to Settings > Linked devices, from where you’ll be able to see a list of any devices linked to your account. If there are any that you don’t recognize, you can revoke their access.

As for avoiding falling victim to GhostPairing in the first place, you should always be wary of being sent links, even from friends and family, and especially if they include just a vague message that seems designed to motivate you to click.

Look carefully at the URLs too, since in this case they’re pretending to be Facebook but the actual URLs used are very different. And finally, if you do click a link, think twice before entering any sensitive details (or scanning a QR code) on any page it sends you to. In this case, WhatsApp will actually tell you what the code you’re entering does, so make sure to carefully read anything involved in the process too.

And while this attack is specifically for WhatsApp, similar methods have been used for other messaging apps too, so be wary whatever you’re using.



James is a freelance phones, tablets and wearables writer and sub-editor at TechRadar. He has a love for everything ‘smart’, from watches to lights, and can often be found arguing with AI assistants or drowning in the latest apps. James also contributes to 3G.co.uk, 4G.co.uk and 5G.co.uk and has written for T3, Digital Camera World, Clarity Media and others, with work on the web, in print and on TV.
