Cybersecurity authorities have issued a warning about a new scam targeting WhatsApp users, called “GhostPairing.” The scam begins with a message claiming, “Hey, I just found your photo,” which often includes a link. In many cases, the message may appear to come from someone familiar, making it more convincing.

Experts say the link directs users to a fake WhatsApp Web page designed to trick them into pairing their account with a hacker’s device. Unlike traditional account hacks, the scam does not require one-time passwords, SIM swaps, or trigger any alerts. Once the pairing is complete, scammers gain full access to the user’s account.

Authorities warn that attackers can read private chats, access photos, videos, and contacts, send messages impersonating the user, and even lock the account owner out of their own account.

To protect themselves, users are advised not to click on unknown or suspicious links, even if they appear to come from friends. They should avoid scanning QR codes on websites outside the official WhatsApp platform and regularly check the Linked Devices section in WhatsApp to spot unauthorized activity. Enabling two-step verification adds an additional layer of protection.

Cybersecurity experts have emphasized vigilance and immediate reporting of suspicious activity. They note that awareness and cautious use of the messaging platform are key to preventing personal information from falling into the hands of scammers.