Cybercriminals are exploiting WhatsApp through a new form of digital deception known as “Ghost Pairing.” Telangana Police and the Ministry of Electronics and Information Technology (MeitY) have issued an official public alert after detecting several cases of this emerging WhatsApp-based fraud spreading across India.
According to cybercrime investigators in Hyderabad, scammers have found a way to secretly link a victim’s WhatsApp account to their own device — without the user’s knowledge — through unauthorized “device pairings.” Once linked, fraudsters gain full access to the target’s chats, media, and contacts, enabling identity theft, blackmail, and financial scams.
Telangana’s Director of Cyber Security and Hyderabad Police Commissioner jointly cautioned citizens not to click on suspicious links or QR codes delivered via WhatsApp, messages, or fake websites claiming to verify account security.
What Is WhatsApp “Ghost Pairing”?
“Ghost Pairing” is a sophisticated technique that abuses WhatsApp’s multi-device feature, designed to let users access their accounts from multiple devices. Criminals trick victims into granting pairing permission through deceptive prompts or phishing links.
Once a user unknowingly clicks the link or scans a malicious QR code, the attacker’s system gets paired with the victim’s account — granting access to private information in real time.
Officers explained that this method’s danger lies in its invisibility — the original user continues to use WhatsApp normally, unaware that their messages are being mirrored by a “ghost device.”
Earlier, cybercriminals were limited to scams via calls, OTP sharing, or malware downloads. This newer method involves no app installation; instead, it exploits legitimate WhatsApp features for illegal surveillance and data theft.
How the Scam Unfolds
- The victim receives a message asking to verify or reconnect their WhatsApp account.
- The message contains a malicious QR code or link mimicking an official source.
- When the user scans or clicks, the attacker’s device is paired seamlessly to their WhatsApp Web system.
- All chats, personal files, and group data become visible to the attacker instantly.
Police noted that many victims realized something was wrong only after friends received strange messages or money requests in their name.
How to Protect Yourself
- Never scan QR codes or click external links sent via WhatsApp or text messages claiming account issues.
- Check active device connections in WhatsApp settings → Linked Devices, and immediately log out of unknown pairings.
- Enable two-step verification and use biometric or PIN protection for added security.
- Report suspicious activity through MeitY’s Cybercrime Helpline 1930 or cybercrime.gov.in.
Cyber authorities warn that “ghost pairing” exploits human trust, not technology flaws. Staying alert and verifying every link or request can break the scam’s chain before it begins.
