- A new WhatsApp scam called ‘GhostPairing’ has been discovered.
- It tricks users into giving criminals access to their account.
- The attacker may then commit identity theft and defraud others.
There is no shortage of ways that hackers and other criminals will try to gain access to online accounts, but now another one has just been discovered, and this relates specifically to WhatsApp.
Gen Digital (via Bleeping Computer) has discovered a method of WhatsApp account takeover which it calls ‘GhostPairing’, and when a criminal carries it out successfully, it gives them full access to your WhatsApp account, potentially without you even realizing it. That’s why it’s worth knowing what to pay attention to.
The attack begins when the victim receives a message from one of their contacts that usually says something like “Hey, I just found your photo,” followed by a link. That link will appear with a Facebook-like preview, but the link itself will not take you to Facebook.
Instead, it will take you to a criminal-hosted page that is designed to look like Facebook and ask you to log in to your account before you can view the content.
That process will involve providing your phone number and then scanning a QR code or entering a numeric code into WhatsApp, but in either case, what you’re actually doing is using WhatsApp’s device linking feature to link the criminal’s device to your WhatsApp account.
During this process, WhatsApp should alert you that another device is trying to access your account, which will hopefully be enough of a red flag for most people, but inevitably some won’t notice.
Those who follow the steps on the fake Facebook page will give the criminal full access to their WhatsApp account from a linked device, including conversation histories, shared media and, of course, the ability to send messages to the user’s contacts.
With this, the attacker can try to impersonate a user and commit fraud or extortion, and of course they can also then play the same trick on any of the user’s contacts.
If they are careful enough, they could even remain unnoticed in the user’s account for a long time.
Remove and prevent access
There is a way to check if this has happened to you: simply open WhatsApp and go to Settings > Linked devices, where you can see a list of all the devices linked to your account. If there are any that you don’t recognize, you can revoke their access.
As for avoiding falling victim to GhostPairing in the first place, you should always be wary of links sent to you, even from friends and family, and especially if they include only a vague message that seems designed to encourage you to click.
Also look closely at the URLs, since in this case they pretend to be Facebook, but the actual URLs used are very different. And finally, if you click on a link, think twice before entering sensitive details (or scanning a QR code) on any page it sends you to. In this case, WhatsApp will tell you what the code you are entering does, so make sure you also carefully read everything related to the process.
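The URL check described above, written out as an added example that is not part of the original article: it compares the brand a link preview claims with the host the link really points to. The allowlist of Facebook domains, the function names and the sample links (all on the reserved .example domain) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a small allowlist of domains the brand really uses.
BRAND_DOMAINS = {
    "facebook": {"facebook.com", "fb.com", "fb.me"},
}

def link_host(url: str) -> str:
    """Return the host a browser would actually connect to."""
    if "://" not in url:
        url = "https://" + url          # bare links pasted into a chat
    host = urlsplit(url).hostname or ""  # drops any "user@" prefix and port
    return host.rstrip(".")

def check_preview_link(url: str, claimed_brand: str) -> dict:
    """Compare the brand shown in a link preview with the real host."""
    host = link_host(url)
    allowed = BRAND_DOMAINS.get(claimed_brand.lower(), set())
    # Genuine only if the host IS an allowed domain or a subdomain of one.
    genuine = any(host == d or host.endswith("." + d) for d in allowed)
    reasons = []
    if not genuine:
        reasons.append(f"host {host!r} is not a {claimed_brand} domain")
        # Brand domain present elsewhere in the URL (subdomain label,
        # "user@" part or path) only makes the link look familiar.
        if any(d in url.lower() for d in allowed):
            reasons.append("brand domain appears in the URL only as decoration")
    return {"host": host, "genuine": genuine, "reasons": reasons}

# Constructed sample links, not taken from the real campaign.
SAMPLES = [
    "https://www.facebook.com/photo?id=1",
    "https://facebook.com.photo-view.example/login",
    "https://facebook.com@photos.evil.example/login",
    "photo-view.example/facebook.com/login",
    "https://photo-view.example/p/1",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = check_preview_link(link, "Facebook")
        verdict = "OK" if result["genuine"] else "MISMATCH"
        print(f"{verdict:8} {link} -> {result['host']}")
        for reason in result["reasons"]:
            print(f"         - {reason}")
```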
And while this attack is specific to WhatsApp, similar methods have been used for other messaging apps as well, so be careful whichever one you’re using.