India’s top cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), has issued a high-severity advisory warning WhatsApp users about a newly identified cyber fraud technique called “GhostPairing”. The scam allows cybercriminals to gain full access to WhatsApp accounts without stealing passwords, OTPs, or SIM cards, raising serious concerns for students, educators, and institutions that rely heavily on the messaging platform.
The attack exploits WhatsApp’s device-linking feature, originally designed to help users access their account across multiple devices. Cybercriminals are now abusing this feature to silently link their own devices to a victim’s account, effectively taking control without triggering immediate suspicion.
What Is the GhostPairing Scam?
GhostPairing is a social engineering–driven cyberattack that bypasses traditional security measures. Instead of hacking passwords or intercepting OTPs, attackers manipulate users into unknowingly approving a malicious device pairing request.
CERT-In explained that the scam works by making the attacker’s device appear like a legitimate linked device. Once approved, the attacker gains continuous access to the WhatsApp account, often without the victim realising it for days or even weeks.
This makes GhostPairing particularly dangerous, as it leaves no obvious signs of compromise.
How the Scam Begins: A Simple Message with Serious Consequences
The attack typically starts with a short and harmless-looking message, such as:
“Hi, check this photo.”
What makes the scam effective is that the message often comes from:
- A known contact
- A classmate
- A colleague
- Someone from a WhatsApp group
The message includes a link that shows a fake social media preview, resembling Facebook or another familiar platform.
Step-by-Step: How GhostPairing Hijacks a WhatsApp Account
According to CERT-In’s advisory, the attack unfolds as follows:
- The user clicks on the suspicious link
- A fake webpage opens, claiming the user must “verify” their identity
- The page asks for the user’s phone number
- Attackers misuse WhatsApp’s “Link device via phone number” option
- The user unknowingly authorises a hidden linked device
No password is stolen. No OTP is intercepted. No SIM swap occurs.
The victim believes they were only trying to view a photo.
Interesting Reads
Skill gaps cost trillions: Why India must urgently upgrade human capital
What Access Do Attackers Gain After Hijacking?
Once GhostPairing is successful, attackers receive access similar to WhatsApp Web. This includes:
- Reading synced chat history
- Receiving new messages in real time
- Viewing photos, videos, and voice notes
- Sending messages as the victim
- Accessing private chats and group conversations
For students, this can expose:
- Academic group discussions
- Exam-related communication
- Internship and placement messages
- Personal photos and private conversations
In many cases, attackers then use the hijacked account to spread the same scam further, targeting the victim’s contacts.
Why Students and Young Users Are Prime Targets
Students are among the most affected groups due to their digital habits. WhatsApp is widely used for:
- Online classes and announcements
- Notes and study materials
- College groups and faculty communication
- Internship and job updates
However, many students:
- Click links without verification
- Trust messages from peers automatically
- Are unaware of the Linked Devices feature
- Have never received formal cybersecurity training
This combination makes students easy targets for deception-based attacks like GhostPairing.
CERT-In’s Safety Advisory: What Users Must Do
CERT-In has urged all WhatsApp users, especially students, to take immediate precautions:
- Do not click on suspicious links, even if sent by known contacts
- Never enter your phone number on external websites claiming to show photos or videos
- Regularly check WhatsApp → Settings → Linked Devices
- Log out immediately if any unknown device appears
- Avoid linking WhatsApp on public or shared computers
If a device was not personally authorised, it should be removed without delay.
What Educational Institutions Need to Understand
The advisory also highlights the responsibility of schools, colleges, and training institutions.
CERT-In recommends institutions:
- Conduct cybersecurity awareness sessions for students
- Educate learners about phishing and social engineering attacks
- Promote safe usage of messaging apps for academic communication
- Establish response protocols for compromised student accounts
Cybersecurity awareness must now be treated as part of digital education, not an optional topic.
Why This Warning Matters
The GhostPairing scam highlights a critical reality of modern cybercrime:
Most attacks succeed not because systems are weak, but because users are misled.
As education increasingly depends on digital platforms, messaging apps have become gateways to sensitive academic and personal data. A single careless click can result in identity misuse, data leaks, and reputational harm.
Conclusion
The GhostPairing scam is a reminder that convenience-driven features can become security risks if users are unaware. Students must understand that digital safety is not just about passwords—it is about judgement, awareness, and caution.
In today’s connected education ecosystem, cyber awareness is as important as academic knowledge.
