GhostPairing Scam: How Scammers Hijack Messaging Accounts Remotely

Introduction 

The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, Government of India, recently released an advisory warning of the ‘GhostPairing Scam’, which targets users on messaging apps.

This fraud involves scamsters misusing the device-linking feature of messaging apps to take over the accounts of users. They gain access to the victims’ accounts without stealing passwords, one-time passwords (OTPs), or SIM cards. Once this happens, they can access conversations, contacts, and media, and can even send messages from the compromised account.

Image credits: Karnataka Bank on Facebook

How Does This Scam Work? 

The GhostPairing scam usually begins with a message that appears harmless and familiar:

  • Victims receive messages such as “Hi, check your photo” along with a link whose preview resembles the usual link previews of social media platforms
  • When the user clicks on this link, they are directed to a page resembling a social media platform. Here the user is prompted to “verify” their identity by entering their mobile number before viewing the image
  • This triggers the device-linking feature of the messaging app, and the user receives a pairing code. The attacker’s site asks the user to enter this code on the messaging app to complete the ‘login’ or the ‘verification’ to view the photo
  • Once the code is entered, the attacker’s device gains access to the messaging account of the victim
  • After hijacking the account, the attacker uses it to send the malicious message and link to the victim’s contacts in order to carry out the same scam. Those users can also fall for the scam, since they will unknowingly trust a message received from a known contact

Since the phone continues to function normally, the scam becomes difficult for the victim to detect immediately. 

How to Stay Safe? 

Simple precautions can significantly reduce the risk of falling for such scams:

  • Avoid clicking on unfamiliar links, even if they are shared by known contacts
  • Do not enter your phone number or personal details on websites that imitate social or messaging platforms
  • Regularly review your messaging app settings to check which devices are linked to your account
  • If you notice an unknown linked device, remove it immediately and secure your account

Cyber scams like GhostPairing rely on deception and urgency rather than technical hacking. Staying alert and informed is the best way to protect yourself and those around you.

Image credits: Hubballi Dharwad City Police on Facebook 

You can report any cybercrime incidents to the National Cybercrime Helpline by dialling 1930. You can also visit the National Cybercrime Reporting Portal at cybercrime.gov.in to register your complaint online.