BSI Warning: WhatsApp Accounts Hijacked via Ghost Pairing

The BSI warns of a new phishing method called Ghost Pairing. Criminals abuse WhatsApp's device linking feature to gain access to messages and contacts. Here's how to protect yourself.

What is Ghost Pairing?

Ghost Pairing is a new phishing method in which criminals abuse WhatsApp's official device linking feature. Attackers send deceptively authentic phishing messages, often from hacked accounts of acquaintances or in the name of social media platforms.

Victims are lured to fake websites where they're asked to enter their phone number. The fake site forwards this number to WhatsApp to activate the device linking function.

How the Attack Works

  1. WhatsApp generates an eight-digit pairing code
  2. Criminals ask the victim for this code
  3. Alternatively, they use QR codes that resemble WhatsApp Web
  4. After successful pairing, attackers gain access to messages, media, and contacts

The dangerous part: access often remains undetected for a long time because no notification is sent.

BSI Protection Recommendations

  • Critically examine incoming messages, even from known contacts
  • Don't use QR codes from unknown sources for device linking
  • Enable 2-factor authentication in WhatsApp
  • Regularly check connected devices under Settings > Linked Devices
  • Optional: Consider switching to more secure messenger services (Signal, Threema)

What to Do If Compromised

If you suspect your WhatsApp account has been compromised:

  • Immediately remove all linked devices under Settings
  • Enable 2-factor authentication or change your PIN
  • Warn contacts that messages may have been sent in your name
  • File a report with the police

Source

BSI Newsletter Einfach Cybersicher