New cyber threat: ‘Ghost Pairing’ can let scammers access WhatsApp without OTPs, SIM swap
Police chief Sajjanar cautions against ‘Ghost Pairing’ cyber threat that hijacks WhatsApp accounts
By Sistla Dakshina Murthy
Hyderabad: Police chief Sajjanar cautions against ‘Ghost Pairing’ cyber threat that hijacks WhatsApp accounts
Hyderabad: Commissioner of Police VC Sajjanar has issued a public advisory warning citizens about a new and dangerous cyber fraud known as the ‘Ghost Pairing’ scam, which enables criminals to gain covert access to WhatsApp accounts without OTPs, SIM swaps or security alerts.
The commissioner cautioned that the scam poses a serious threat to personal privacy and financial safety and urged users to exercise extreme caution while handling unsolicited messages and links.
The scam works via a deceptive message used as bait
According to the advisory, the scam usually begins with a seemingly innocent message such as ‘Hey, I just found your photo’ followed by a link.
Police warned that such messages should not be trusted, even if they appear to come from a known contact, as cybercriminals often exploit already-compromised accounts to trap new victims.
Clicking the link redirects users to a fake webpage that closely resembles WhatsApp Web.
How the ‘GhostPairing’ scam operates
The fake webpage prompts users to complete a device-linking process. Once this is done, the victim’s WhatsApp account is silently paired with the scammer’s device through the ‘Linked Devices’ feature.
Police highlighted that this method is particularly dangerous because it does not involve OTP verification, SIM card duplication, or alert notifications, making the account takeover difficult to detect immediately.
Risks after account compromise
Once access is gained, scammers can:
- Read private and archived chats.
- Access photos, videos, and contact lists.
- Send messages impersonating the victim.
- Use the account to carry out further fraud.
- Potentially lock the original user out of the account.
The Commissioner warned that such access is often used for financial scams and to deceive the victim’s contacts.
Safety measures advised by the police
Hyderabad Police have urged WhatsApp users to follow these precautions:
- Do not click on suspicious or unknown links.
- Never enter pairing details or QR codes on external or unofficial websites.
- Regularly check WhatsApp → Linked Devices and remove unknown devices.
- Enable two-step verification for enhanced account security.
Public advisory
Commissioner VC Sajjanar stressed that a single careless click can compromise an entire WhatsApp account. He appealed to citizens to stay alert, verify messages before responding, and spread awareness among family members, friends and colleagues to prevent the spread of such cybercrimes.
