Have you ever received a message from a friend saying, “Hey, I just found your photo!” with a link that looks like Facebook?
At Drapari Online, I’m seeing a surge in a clever attack called GhostPairing. Unlike traditional hacking, this doesn’t steal your password. Instead, it tricks you into inviting the hacker into your account as a “linked device.”
The Anatomy of the Attack
- The Lure: You get an urgent or curious message from a contact you trust. It includes a link that shows a familiar “Facebook-style” preview.
- The Fake Page: Clicking the link takes you to a site that mimics a Facebook viewer. It asks for your phone number to “verify” you before you can see the photo.
- The Bridge: In the background, the hacker’s site sends your number to the real WhatsApp “Link with Phone Number” feature. WhatsApp then generates a real 8-digit pairing code meant for you.
- The Handshake: The fake site displays this code back to you and tells you to “enter it in WhatsApp to confirm your identity.” Because the code came from a “safe” looking site, many users comply.
- The Hijack: The moment you enter that code, the attacker’s browser becomes an authorized “linked device.” They can now read your messages, see your media, and message your friends—all while your phone keeps working normally.
Your 3-Step Defense Plan
- Audit Your Sessions: Go to WhatsApp > Settings > Linked Devices. If you see a device you don’t recognize (like a random Windows PC or Chrome browser), tap it and select Log Out immediately.
- Set a Cloud PIN: Turn on Two-Step Verification (Settings > Account). This adds a PIN that only you know, making it much harder for someone to fully hijack your account.
- Never “Verify” on Websites: WhatsApp will never ask you to enter a pairing code on a website to view a photo. Pairing codes are only for connecting your own computers or tablets.
