Published: December 26, 2025 3:03 PM IST 
Indian cybersecurity agency Computer Emergency Response Team – India (CERT-In) has released an advisory for WhatsApp users across the country. They have warned them of a high-severity cyber threat called GhostPairing. It’s a form of WhatsApp scam that allows an attacker to silently gain complete control of the victim’s WhatsApp account without the need to steal their password or SIM card.
What is GhostPairing Scam?
GhostPairing is a social engineering attack that exploits a legitimate WhatsApp feature called device-linking or WhatsApp pairing. It allows users to link their WhatsApp account to WhatsApp Web and other devices.
Cybercriminals have found a way to use WhatsApp device-linking as an attack vector using the social engineering method. Victims of this scam don’t know that they have unknowingly linked an attacker’s device to their WhatsApp account.
But unlike other forms of WhatsApp hacks that often require stealing credentials or hijacking WhatsApp with a password, one-time password (OTP), or SIM swap, the GhostPairing scam works differently. It doesn’t require either the attackers to have access to a victim’s phone or the victim’s WhatsApp credentials. Instead, it relies on psychological manipulation.
Scam Working Method
CERT-In has explained how the scam typically works. The attack usually starts with a WhatsApp message from a number the victim trusts. It will say something like: “Hi, check this photo.” Then, the victim receives a link that redirects to a fake website.
The victim will click on the link and the fake site will prompt them to “verify” before they can view the content. At this stage, the victim is unknowingly starting the WhatsApp device-linking process. This is because entering their phone number or pair code will prompt WhatsApp to display a QR code. By scanning this QR code on the attacker’s device, users will unknowingly authorize the attacker’s device as a trusted linked session on their WhatsApp account.
From there, the attacker’s device will be displayed on the “Linked Devices” list on WhatsApp. This grants the attacker full access to the WhatsApp account, and the victim will not be alerted of the intrusion.
What attackers can access?
A linked device, through the GhostPairing WhatsApp scam, grants the attacker almost full access to the WhatsApp account. It is similar to how a WhatsApp Web session works. Attackers can:
Spread the WhatsApp scam to more victims.
Attackers will also be able to control victim accounts for long periods since users will not be notified of the attack.
Safety Tips and Government Advisory
CERT-In and India’s Ministry of Electronics and Information Technology (MeitY) have advised all WhatsApp users to be extra cautious and not to click on suspicious links and websites.
In addition, they also recommend:
Checking WhatsApp’s “Linked Devices” list regularly and deleting unknown and suspicious devices.
Users should also enable the two-step verification feature on their WhatsApp accounts.
For breaking news and live news updates, like us on Facebook or follow us on Twitter and Instagram. Read more on Latest Technology News on India.com.
Follow Us 
By 
