Without an OTP and SIM, Google accounts can still be hacked
A new WhatsApp scam called GhostPairing is worrying cybersecurity experts with its sophistication and its ability to deceive users through psychological manipulation alone.
Without having to hack passwords, steal a SIM or block OTP codes, scammers can still quietly take control of the victim's Facebook account through a legitimate device-linking feature.
Unlike traditional technical attacks, GhostPairing does not disrupt the security system or end-to-end encryption of WhatsApp.
Instead, the trick exploits users' habits and their trust in familiar-looking messages.
The script often starts with a seemingly harmless message sent from a seemingly trustworthy account, sometimes even from an acquaintance.
Common messages include "Are you in this photo?" or "I just saw your photo". The message comes with a link whose preview looks very much like a photo or post on Facebook, which makes the victim easily lower their guard.
Fake websites and verification traps
After clicking the link, users are led to a fake website with a sophisticated design and an interface almost identical to familiar services. The page requires users to verify their identity before viewing the content.
In fact, this step starts WhatsApp's official device connection process. The victim is asked to enter a phone number, and WhatsApp then creates a join code.
The fake website then instructs users to enter this code in WhatsApp, disguising the request as a normal security authentication step.
With just that one action, the victim unknowingly allows the attacker's device to link to their WhatsApp account.
Silent takeover, difficult to detect
After a successful link, the scammer has almost full access, similar to the Google Web. They can read messages, download photos and videos, send new messages, and follow conversations in real time.
The danger lies in the fact that the WhatsApp application on the victim's phone keeps working normally. There are no obvious signs or clear warnings, so many people do not even know that their accounts have been hacked.
Why is GhostPairing spreading so quickly?
Cybersecurity experts say GhostPairing is especially dangerous because it spreads on trust. Once an account has been taken over, attackers go on to send similar malicious links to the victim's contacts and chat groups.
Second-hand messages are much more likely to be clicked on, which helps the trick spread quickly without creating any obvious signs of spam.
Although it was first detected in some European countries, experts warn that GhostPairing can appear anywhere, for any Google user.
What should users do to protect themselves?
Preventing GhostPairing is not a matter of patching technical errors but of raising awareness. Users should regularly check the "Connected devices" section in the Google settings and immediately delete unfamiliar login sessions.
Any request to enter a join code, scan a QR code or verify an account through an external website needs to be considered carefully.
Activating two-step verification is a necessary measure that adds a layer of security. Even if the message comes from an acquaintance, users should still confirm it with the sender before clicking on the link.
GhostPairing is a clear demonstration of the current trend in cyber attacks, in which criminals do not need to "break" technology and only have to take advantage of human trust.