What is WhatsApp ghost pairing and why scammers are using it to steal private data

WhatsApp has emerged as one of the most widely used communication platforms in India, storing years of personal chats, photos, videos and documents for millions of users. As adoption has grown, scammers have increasingly turned to exploiting user trust rather than technical loopholes. One such emerging threat is WhatsApp ghost pairing, a scam technique that allows attackers to secretly access a user’s messages and media without hacking passwords or triggering obvious security alerts, as per cybersecurity experts.

As per reports, unlike conventional account takeovers, ghost pairing operates quietly in the background, allowing attackers to monitor conversations and download media while the victim continues to use WhatsApp normally, often without any indication that their account has been compromised.

WhatsApp ghost pairing works by misusing the platform’s Linked Devices feature, which is designed to let users access their WhatsApp account on multiple devices such as laptops or tablets without requiring the phone to remain connected to the internet. Scammers exploit this legitimate function by tricking users into linking an unknown device to their account. Once paired, the attacker gains real-time access to messages, photos, videos and, in some cases, documents, while the original user remains logged in.

The scam typically begins with social engineering rather than technical hacking. Victims may receive messages or calls claiming to be from WhatsApp support, a company’s human resources team, a courier service or even a known contact whose account has already been compromised. Scammers often create a sense of urgency by warning users about account suspension, verification failures or time-sensitive opportunities such as job offers. Users are then asked to share a verification code or scan a QR code, which is actually used to link the attacker’s device to the victim’s WhatsApp account.

Once the pairing is complete, the attacker’s device silently syncs with the account. Messages continue to arrive, chats function normally and calls work as expected, making the breach difficult to detect.

One of the most dangerous aspects of ghost pairing is its invisibility. There is no forced logout, no app malfunction and no clear warning that another device is accessing the account. Many users rarely check the Linked Devices section in WhatsApp settings, allowing scammers to retain access for extended periods. During this time, private photos, videos and conversations can be collected and later misused for fraud, blackmail or identity theft.

Scammers rely heavily on emotional pressure to succeed. Messages are designed to induce panic or urgency, pushing users to act without verification. Impersonation is common, with attackers posing as officials, employers or trusted contacts. Some scams are timed around job searches, festive seasons or delivery schedules to appear more credible. Experts note that the effectiveness of ghost pairing depends more on manipulating human behaviour than on advanced technical skills.

To protect against WhatsApp ghost pairing, users are advised never to share verification codes with anyone, regardless of how legitimate the request appears. QR codes sent via messages, emails or social media should not be scanned. Users should regularly review the Linked Devices section in WhatsApp settings and immediately remove any unfamiliar devices. Enabling two-step verification adds an additional layer of security and reduces the risk of unauthorised access.

Cybersecurity specialists also advise users to pause when messages create urgency, as taking a moment to verify the source can prevent long-term loss of privacy and sensitive personal data.