MeitY warning, CERT-In declared 'high risk'
Vadodara: In today's digital age, WhatsApp has become an integral part of our daily life. But now hackers are using WhatsApp's 'Linked Devices' feature to create a new scam, which is called the 'ghost pairing' scam. In this scam, your WhatsApp account is invisibly linked to other devices without you even knowing.
Advisory No. CIAD-2025-0055 (dated December 19, 2025) regarding this scam has been issued by CERT-In under the Ministry of Electronics and Information Technology (MeitY), Government of India. This risk has been described as 'High Severity'.
What is a ghost pairing scam and how does it happen?
Hackers send you messages as if they were an identity—with a tempting link like “View this photo.” Clicking on the link takes you to a fake website, where you are asked to 'verify' the phone number. As soon as you enter the number, WhatsApp's device linking process begins, and your account is linked to the hacker's browser as soon as you enter the 8-digit code—this is 'ghost pairing'.
Hackers also sometimes misuse the QR code scan, screen sharing, or Link with Phone Number feature. Using WhatsApp Web on public Wi-Fi also carries the risk of stealing browser cookies.
What to do to save? (Advice from cyber expert Mayur Bhusawalkar)
*Check Linked Devices – Log Out immediately if you see an unknown device.
*Turn on Two-Step Verification and add an email address.
*Keep Biometric Lock enabled (Fingerprint/Face ID).
*Never Enter Unknown Code – Do not give OTP to anyone.
*In case of doubt immediately contact [email protected] and lodge a complaint at 1930.
*Be careful—one click can put your digital identity at risk.
