December 22, 2025, 3:02 pm
Criminals have developed a new tactic to take over WhatsApp accounts. They don’t need to guess passwords or bypass end-to-end encryption. Instead, they exploit a feature of WhatsApp itself—and then read messages unnoticed.
The trick works so well because it takes advantage of everyday situations. The messages seem harmless and appear to come from known contacts, so many people don’t become suspicious. It’s only when strangers already have access to one’s WhatsApp account that the fraud becomes apparent, but by then, it’s often too late.
GhostPairing: How the Attack Works
As reported by the security software manufacturer Avast, the attack usually begins with an innocuous-looking message like “Hey, I found your photo!” The senders pose as friends or acquaintances to build trust. The message contains a link to a deceptively real-looking website that resembles well-known platforms. The site prompts users to enter their phone numbers for verification.
Afterward, they are asked to enter the code they received via SMS. In reality, the site doesn’t start a verification process but uses WhatsApp’s “Linked Devices” feature. Entering the code allows attackers to link their own device to the account. From that moment, the perpetrators can read all chats without the victim noticing.
The hijacked accounts often serve as a starting point for further attacks. Criminals contact people from the address book and try to capture their WhatsApp access using the same tactic.
How to Protect Your Own Account
As a rule, SMS codes should never be entered on unfamiliar websites—especially if no login or device linking has been initiated. A close look at the website’s URL is crucial: If it doesn’t match the sender of the code, caution is advised.
If you suspect you’ve been affected, you should check in WhatsApp settings under “Linked Devices” to see which devices have access to the account and immediately remove any unknown entries. Additionally, it’s advisable to enable two-factor authentication. It protects the account even if a code falls into the wrong hands.