GhostPairing WhatsApp Account Hijack — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 28, 2026

Severity: CRITICAL | View Full Scam Details

GhostPairing WhatsApp Account Hijack Scam in India 2026: Stay Alert, Stay Safe

GhostPairing WhatsApp Account Hijack is a critical phishing scam sweeping across India in 2026, putting millions of WhatsApp users at risk of losing control over their accounts and personal data.

What Is the GhostPairing WhatsApp Account Hijack?

GhostPairing WhatsApp Account Hijack is a sophisticated phishing scam targeting WhatsApp users across India, from college students to professionals and elders who rely on WhatsApp for daily communication and financial transactions. According to complaints reported to cybercrime authorities, this scam has grown rapidly over the past year, driven by scammers exploiting WhatsApp’s huge user base and the trust users place in messages from their contacts.

The scam uses fake links disguised as legitimate WhatsApp or Facebook previews that scammers share via WhatsApp messages. These links often arrive from phone numbers or accounts that victims already know — likely compromised themselves — which helps fraudsters build trust and increase the chance that a victim will click. This elaborate social engineering technique leverages the trusted WhatsApp ecosystem, making it one of the more dangerous scams reported nationwide.

CERT-In (Indian Computer Emergency Response Team), under the Ministry of Electronics and IT, has issued warnings about such phishing attempts targeting messaging apps. The I4C (Indian Cyber Crime Coordination Centre) also tracks this type of scam under its ongoing cyberfraud monitoring, noting its growing frequency and high severity score of 9/10, urging users to remain vigilant.

How This Scam Works — Step by Step

1. Scammer Sends a Fake WhatsApp/Facebook Preview Link: The victim receives a WhatsApp message containing a link that looks like a genuine WhatsApp or Facebook content preview. The sender may appear as a trusted contact whose account might already be compromised.

2. Victim Clicks the Link: Clicking the link redirects the victim to a fraudulent verification webpage designed to look like an official WhatsApp login or verification portal.

3. Request for Phone Number and OTP: The fake site asks the victim to enter their phone number, pretending to verify or “restore” their WhatsApp account. When the victim submits their number, the scam page triggers WhatsApp’s legitimate OTP (One-Time Password) sending process.

4. Victim Shares OTP: The site urges the victim to enter the OTP received on their phone to complete verification — this is the critical trap. Sharing the OTP passes control to the scammer.

5. Account Hijack: Using the OTP, fraudsters log in to the victim’s WhatsApp account on another device, effectively hijacking it. The victim loses access as bad actors take over the account.

6. Spreading the Scam or Financial Theft: The scammers then impersonate the victim, sending malicious links or forwards to the victim’s contacts. In some cases, fraudsters may attempt to extract money or sensitive information by pretending to be the victim or their relative.

Real Warning Signs to Watch For

• Messages containing links that look like WhatsApp or Facebook previews but come with unusual URLs.
• Links sent by contacts who usually don’t share such messages or appear to be sending spam suddenly.
• Requests to “verify” your WhatsApp account through a link or enter OTPs on external websites.
• Urgent or panic-inducing messages pressuring you to act fast on WhatsApp.
• Poor grammar or spelling errors accompanying the suspicious message.
• Receiving OTPs (One-Time Passwords) unexpectedly while not trying to log in.
• WhatsApp suddenly showing logins on new devices or notifications about sessions you did not start.

What Happens to Victims

Victims of the GhostPairing WhatsApp Account Hijack scam typically suffer both financial and emotional consequences. Once the WhatsApp account is hijacked, fraudsters may impersonate the victim to defraud friends and family by requesting money through UPI or bank transfers. Since UPI transactions are instant and often irreversible in such fraud cases, many victims report losing thousands or even lakhs of rupees before they realize what happened.

This scam also risks misuse of Aadhaar-linked services if the WhatsApp number is linked to Aadhaar-based OTPs or financial accounts. Victims often feel violated due to loss of privacy, harassment from impersonators, and the long process of restoring their accounts through WhatsApp or mobile service providers.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) has emphasized the importance of safeguarding OTPs and warned against sharing them with anyone under any circumstances. RBI’s guidelines clearly state that banks and official channels never ask for OTPs over calls or messages.

CERT-In regularly issues alerts on phishing scams targeting messaging platforms and urges users to report suspected cyber fraud to the national cybercrime helpline at 1930. The Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs encourages reporting via cybercrime.gov.in for fast-track investigation and support.

RBI and CERT-In collectively encourage awareness of social engineering tactics that manipulate trust within widely used apps like WhatsApp.

How to Protect Yourself

1. Never click on suspicious WhatsApp or Facebook links, especially if they ask for verification or OTP input.
2. Do not share OTPs, verification codes, or passwords with anyone—under no circumstances.
3. Turn on WhatsApp’s Two-Step Verification feature to add an extra security layer.
4. Regularly check “Logged in devices” in WhatsApp settings and immediately log out unknown sessions.
5. Verify with the sender (through a separate call or message) before clicking on any unexpected link they send.
6. Be cautious of urgent or threatening language designed to panic you into quick action.
7. Keep your smartphone operating system and WhatsApp app updated to latest security patches.

What to Do If You’ve Been Targeted

1. Immediately inform your contacts that your WhatsApp account may be compromised and warn them not to click on any suspicious links.
2. Open WhatsApp on your phone and request a re-verification using your mobile number to regain control.
3. Contact your mobile service provider to secure your SIM in case of a SIM swap attempt.
4. Report the incident to local cybercrime authorities and file a complaint at cybercrime.gov.in.
5. Call the national cybercrime helpline 1930 for assistance and guidance.
6. Inform your bank if financial transactions were affected; monitor and freeze suspicious transactions.
7. Change passwords linked to your phone and financial apps promptly.

Frequently Asked Questions

Q: Can this GhostPairing scam steal money directly from my bank account?
A: The scam itself hijacks your WhatsApp account and may impersonate you to ask your contacts for money, often via UPI transfers. It does not usually hack your bank directly, but the financial loss occurs through fraudulent requests made in your name.

Q: How is this different from a SIM swap scam?
A: Unlike SIM swap, which involves physically or remotely transferring your mobile number to another SIM, GhostPairing hijacks your WhatsApp account through phishing links and OTP theft without needing your SIM card.

Q: How can I check if my WhatsApp is logged in on another device?
A: Open WhatsApp, go to Settings > Linked devices. You can see all active sessions there. If you see any device you did not authorize, log it out immediately.

Stay safe and always verify suspicious messages or links on BharatSecure.app. If you suspect fraud, report it immediately at the national cybercrime helpline 1930.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.