The Commissioner of Police for Hyderabad City, V. C. Sajjanar, IPS, warned people of a new cyber fraud on Sunday. In what has been called the “GhostPairing” scam, cyber fraudsters can access photos, chats and other private information from victims’ devices. They are also capable of sending messages while impersonating the victims and even locking them out of their own accounts, the Police Commissioner said.
What may appear as a harmless text on WhatsApp with a link is actually a trap to hack into the device of users, his post reminded. To make it appear trustworthy, a Facebook-like link preview is also given, while a closer examination will reveal the URL is not that of the Meta platform. Misled by the preview that states "Facebook", people may end up clicking on the link. The only way to steer clear of the scam is to avoid clicking it, he added. "If you receive a message saying ‘Hey, I just found your photo’ with a link — DO NOT click it, even if it appears to come from someone you know."
Elaborating on how the cyber scam works, the social media post further said, "This is a GhostPairing scam. The link takes you to a fake WhatsApp Web page and tricks you into pairing your WhatsApp account with a hacker’s device — without OTPs, SIM swap, or alerts."
If a person ends up clicking on the link shared with the message, the device then gets paired with that of the scammers, enabling them to read your private chats, access your photos, videos, and contacts, send messages while pretending to be you, and even lock you out of your own account.
As a precautionary measure, the public should never click on unknown or suspicious links, avoid entering pairing or QR codes on external websites, regularly check the "Linked Devices" section in WhatsApp, and ensure that two-step verification is enabled, the police official said. "Spread the word. One careless click can compromise your entire WhatsApp," he added before concluding the post.