WhatsApp ‘Ghost Pairing’ Scam: How Cyber Criminals Hijack Accounts Without OTPs
WhatsApp ‘Ghost Pairing’ Scam: How Cyber Criminals Hijack Accounts Without OTPs
Police warn users as a new WhatsApp fraud allows hackers to secretly access accounts using device-linking tricks
A new and dangerous form of cyber fraud called “WhatsApp Ghost Pairing” is targeting users across India, allowing criminals to take full control of WhatsApp accounts without passwords or OTPs. Telangana Police and the Union Ministry of Electronics and Information Technology (MeitY) have issued alerts after a rise in complaints linked to this method.
Unlike earlier scams that relied on malware downloads or fake calls, this fraud exploits WhatsApp’s “Linked Devices” feature. Cyber criminals trick users into unknowingly linking their WhatsApp account to another device, giving attackers complete access to chats, contacts, photos, videos and even financial conversations.
How the WhatsApp Ghost Pairing Scam Works
According to Telangana Cyber Security officials, the scam often begins with an innocent-looking message such as, “Hey, have you seen my photo?” or a similar lure sent via WhatsApp. The message may come not only from unknown numbers but sometimes from a known contact whose account has already been compromised.
Clicking the link opens a fake WhatsApp Web or pairing page. Without the user realising it, the attacker’s device gets linked to the victim’s WhatsApp account. In many cases, this happens without OTP verification or QR scanning, making the takeover silent and difficult to detect.
Once access is gained, criminals can read personal messages, extract banking or personal details, impersonate the user to scam contacts, and even attempt financial fraud using trusted conversations.
Hyderabad Police has warned users not to click on suspicious links, even if they appear to come from familiar contacts and stressed that WhatsApp accounts can be compromised within seconds through such deceptive tactics.
Government and Police Warnings
MeitY has confirmed that cyber criminals are abusing WhatsApp’s device-linking feature by generating pairing codes through fake pages. Telangana Police have urged citizens to remain alert, noting that this scam does not require victims to share OTPs, making it especially deceptive.
Authorities have highlighted that once an account is hijacked, attackers often use it to spread further fraud, multiplying victims rapidly.
How to Protect Yourself
Police and cyber experts advise users to take the following precautions:
Regularly check WhatsApp Settings → Linked Devices and log out of any unknown device immediately
Enable Two-Step Verification in WhatsApp settings
Never click on suspicious links, even from known contacts
Do not share OTPs, pairing codes, PINs, CVV numbers or WhatsApp verification codes
Keep your phone, browser and apps updated to the latest official versions
If you suspect your WhatsApp account has been compromised, stop using it immediately. Take screenshots of suspicious messages, links or pop-ups, and change passwords for email, banking and social media accounts without delay.
What To Do If You Are a Victim
In case of financial loss or suspected cyber fraud, immediately contact your bank and report the incident. Complaints can be lodged on the national cybercrime helpline 1930 or via cybercrime.gov.in.
Cyber officials emphasise that awareness and quick action are the strongest defences against evolving digital scams like WhatsApp Ghost Pairing.
Disclaimer: This article is for public awareness only. Readers are advised to verify security settings on their devices and consult official authorities in case of suspected cyber fraud.
