Hackers are constantly finding new ways to target people. A new scam has surfaced on the popular instant messaging platform WhatsApp. Under this scam, people’s accounts are being hacked without OTP (one-time password). This is called ‘ghostpairing’. According to warnings from cyber security experts, this scam takes complete control over people’s WhatsApp accounts. The special thing is that scammers do not need your password, SIM card or verification code to hack your account. Let us understand what a ghostwriting scam is and how you can protect yourself from it.
What is a Ghostpairing Scam?
Ghostpaying scams are quite different from other hacking methods. Till now people believed that if they do not share their verification code or OTP with anyone, they will be safe from scams, but this scam has proved this thinking wrong. Ghostpaying scams rely entirely on social engineering. In this scam, hackers trick people into clicking on a link. By doing this, people unknowingly allow their device to be linked to the hacker’s device. This method is very difficult to detect and avoid. Another dangerous aspect of this scam is that it reaches you through your trusted friends and spreads quickly.
How does this scam work?
According to a report by cyber security company Zen Digital, this scam starts with a message from a trusted friend. The message reads, “I found your photo.” The message also contains a link, and WhatsApp shows a preview of the photo, just like Facebook. As soon as you click on the link to view your photo, you will be redirected to a fake webpage. This page looks like the Facebook photo viewer. You will be asked to ‘Verify’ before viewing the content. After this, the device-linking process will begin. You will be asked for your phone number. Then a pairing code will be generated. After this you will be asked to enter this code in WhatsApp. Easy access to videos and photos.
When you enter this code, you unknowingly approve the hacker’s device. This gives the hacker complete access to WhatsApp Web. Now the hacker can read your messages, download photos and videos, send messages on your behalf, and even view new messages in real time. All this happens while your phone continues to function normally, so you won’t even realize that your account has been hacked.
Scams spread rapidly through trusted networks
Experts believe that this scam can spread rapidly around the world. Hackers send the same fraud link to their friends and group chats using accounts under their control. This way, they take advantage of people’s mutual trust instead of sending mass spam. Researchers have emphasized that GhostPairing does not break any encryption or take advantage of any software vulnerabilities. This scam uses genuine features of WhatsApp, which are working perfectly fine.
How to stay safe?
To protect themselves from GhostPairing, users should pay attention to the following:
First of all, open your WhatsApp. Then go to ‘Settings’. Click on ‘Linked Devices’. Now check that your account is not linked anywhere else. If it is, remove it.
Be wary of any requests to scan a QR code or enter a pairing code from any website.
Turn on two-step verification.
Verify any unknown message carefully, even if it appears to be from someone you know.