The digital walls of end-to-end encryption are typically an effective measure to keep hackers away, but a slick and subtle new threat is showing that you don’t even need lock picks if you’ve been given the keys. Named the “GhostPairing” con, this emerging account takeover scheme has alarmed millions of WhatsApp users at the end of 2025.
Where traditional phishing steals passwords and “SIM swapping” hijacks phone numbers, GhostPairing leverages a legitimate feature: WhatsApp’s device linking. By pretending to perform a regular security check, attackers covertly worm their way into your most private conversations and sit there quietly without you ever knowing.

The ‘I Found Your Photo’ Lure: How the Attack Begins
The scam often starts with a message from someone you know — a person already in your address book whose account has been hacked. The note is brief, nonchalant and powerful: “Hey, see this, I stumbled onto your picture!” accompanied by a link.
Click on the link and you land on a slick-looking site dressed up with Facebook branding. The page says that you need to “confirm your identity” or “log in” to see the alleged photo. Here is where the trap lies.
The Phone Number Request: The counterfeit page prompts you to type in your phone number.
The Behind-the-Scenes Proxy: The moment you type in your number, the attacker’s script passes it on to the real WhatsApp “Link with Phone Number” portal.
The Fake Verification: WhatsApp then issues an 8-digit PIN, a genuine code from WhatsApp itself. The scam website intercepts it and displays it back to you, with a prompt telling you to “enter this code in your WhatsApp app to complete the verification.”
Why GhostPairing Is Worse Than a Hack
Most “hacks” are loud. You could be locked out of your account, or suddenly find that your password doesn’t work. There’s a big difference with GhostPairing, however: it adds a “ghost,” a silent device that sits alongside your main phone.
Full WhatsApp Access in Real Time: The attacker now has a replica of your WhatsApp on their own computer. They can read every message you send or receive, view your private photos and even listen to your voice notes.
Bypassing Encryption: Once the attacker is a “linked device,” they are technically an allowed part of your account. The end-to-end encryption is circumvented because the “authorized” ghost device receives and decrypts the messages itself.
The Snowball Effect: The attacker sends the same “I found your photo” link to everyone in your contact list using your account. Because the message is from you, your friends and family are much more likely to click it, setting off a huge chain reaction.
No Interference: Your phone still works exactly as it did before. There are no “logged out” notifications or bizarre error messages, so an intruder can watch you for weeks, knowing from your private emails and searches what is happening in your personal life.
So, How Do You Know You’re Being Monitored?
The only way to know whether you’ve been affected by a GhostPairing attack is to check your account yourself. Security experts say you should do this immediately if you have clicked on any questionable links lately.
Step-by-Step Audit:
Open WhatsApp on your phone.
Go to Settings (or tap the three dots on the top right).
Tap on Linked Devices.
Check the List: See if there is a device listed that you don’t recognize.
Log Out: If there’s any session that you did not authorize yourself, tap on it and then select Log Out immediately.
Protecting Your Account in 2026
As cybercriminals shift their approach, from “breaking” security to tricking you into letting them in, your best defense is a skeptical mind.
Don’t Type In Linking Codes from Websites: You should never have to type in a WhatsApp pairing code unless you started the linking yourself, on your own computer, and that is where the code was shown to you. No legitimate website will ever ask you to “verify” yourself through WhatsApp using a code.
Turn on Two-Step Verification: Navigate to Settings > Account > Two-Step Verification and add a PIN. While this won’t prevent a device from getting linked, it provides an extra layer of security if somebody attempts to reset your account on a new phone.
Check the Sender: If a friend sends you an out-of-the-blue link with something like “Is this your picture?”
The GhostPairing scam is a timely reminder that in an era with 3.5bn WhatsApp users, convenience can also come at the highest cost. Stay vigilant, monitor those linked devices (and consider how many you really need) and don’t let a “ghost” sit at the digital table.
