The terrifying new scam that can hijack your WhatsApp without your password—here’s how to spot it before it’s too late

Think your WhatsApp account is safe as long as you never share your password? Think again. A new scam called Ghost Pairing is allowing cybercriminals to hijack accounts without ever needing your password, and it can all happen in silent mode while your device keeps working as usual. Before your private messages become leverage for blackmail, here’s how to spot the warning signs—before it’s too late.

What Is Ghost Pairing? The Stealth Attack Taking Over WhatsApp Accounts

A seemingly innocent link from a friend—a blast from the past in the form of an old photo, maybe—and just like that, things go quiet. Behind this unassuming message hides Ghost Pairing, a crafty WhatsApp scam that has recently surfaced across Europe. Known in French as “appairage fantôme,” this trick exploits WhatsApp’s Linked Devices feature, letting hackers connect a new device to your account without needing your password—or triggering any notification.

With over 2 billion users worldwide and approximately 25 million in France alone, the sheer size of WhatsApp’s userbase works in favor of scammers. Once the trap is set, it springs shut with alarming speed.

How the Scam Works—And Why You Might Not Even Notice

Spotted already in Spain, the Czech Republic, and Germany, the method has now made its way into new territory, according to cybersecurity firm Gen Digital. The idea is simple and chillingly effective: without you ever realizing, a hacker persuades you to authorize their computer to pair with your WhatsApp account.
The app keeps working as if nothing happened—no password change, no overt sign. Sometimes, a message might pop up mentioning “pairing your account on another device”—but let’s be honest, how many times have we just brushed those notifications aside? Here, everything centers on a single verification code.

Everything starts with a message from a contact whose own account has already been compromised, linking to what looks like a Facebook login page. Maybe they dangle an “old photo” from years gone by. The link then asks for your phone number. As soon as you enter it, WhatsApp sends you a verification code via SMS. If you type that code in, you’ve just paired your WhatsApp to the hacker’s computer using Linked Devices. From that moment, they can read and send messages as if they were you.

There’s a twist, too: sometimes, instead of a link, the scammer will call you over WhatsApp video, pretending to have technical issues—maybe a camera that’s on strike, or “bad audio.” They then ask you to share your screen. When the SMS code pops up in a notification, they note it down and use it instantly. All while your app stays open, and your chats keep buzzing. The hacker can access personal information and might use it for identity theft or blackmail, never needing to touch your password.

How to Catch Ghost Pairing in the Act

Worried your account might be compromised? Here’s how to check:

Open WhatsApp and go to Settings (on iPhone) or tap the three vertical dots (on Android) and select Linked Devices.
You’ll see a list of active sessions, complete with device type and last activity timestamp.
If you spot a computer or browser you don’t recognize, it’s time to sound the alarm. Tap and select Log Out to boot suspicious devices.
Make a habit of checking this page regularly—it’s your early warning system.

Protect Yourself: Smart Habits and Digital Hygiene

If you ever have doubts:

Never share a WhatsApp verification code received by SMS unless you initiated the request yourself. Receiving an unsolicited code is a big, waving red flag.
You can uninstall and reinstall WhatsApp to force a new verification process.
Alert your contacts—they might have received a suspicious message from you. Resist any requests for money, no matter how convincing the story.
Remember to update passwords across your other sensitive accounts just in case.

The strongest shield remains WhatsApp’s own two-step verification. Activate your six-digit PIN by heading to Settings > Account > Two-step verification. From then on, every new installation of WhatsApp on a device will require not only the SMS code, but your special PIN as well. That way, even if a scammer intercepts the verification code, they can’t get any further without your PIN. And don’t forget to keep an eye on your linked devices from time to time.

To keep your digital self safe, adopt a few simple security habits:

Be wary of urgent messages, even from friends. When in doubt, double check by calling the person outside of WhatsApp.
Avoid clicking on unexpected links, especially if they’re asking for your number or a verification code.
If you do fall victim to a hack, take screenshots, let your contacts know, and consider reporting the incident to your country’s relevant authorities. Better to stop the scam in its tracks than try to clean up after the mess.