The Indian Computer Emergency Response Team (CERT-In) has recently warned about a new cyber threat called GhostPairing, which targets WhatsApp users and enables hackers to secretly take control of accounts. This development is significant in the context of cyber security and governance, a key GS Paper II–III concern for aspirants preparing through UPSC coaching in Hyderabad.
About GhostPairing
- GhostPairing is a WhatsApp-specific cyber attack where hackers connect their device to a victim’s account.
- It gives attackers near-complete access to messages, contacts, and account activity without the victim’s knowledge.
- Unlike older methods, it does not require passwords or SIM card swaps.
Modus Operandi
- Victims receive a message from a familiar contact saying: “Hi, check this photo.”
- The message contains a fake link with a Facebook-style preview.
- Clicking the link redirects to a fraudulent Facebook viewer that asks users to “verify” to see the content.
- Victims are tricked into entering their phone number and pairing code.
- Once entered, hackers gain full access to the WhatsApp account.
Risks and Implications
- Hackers can read private conversations, impersonate victims, and exploit accounts for financial fraud or misinformation.
- The attack underscores the growing threat of social engineering in India’s expanding digital ecosystem.
- CERT-In’s advisory emphasises caution against clicking unknown links and sharing verification or pairing codes, a point frequently stressed in cyber governance discussions at Hyderabad IAS coaching.
Conclusion
GhostPairing shows how cybercriminals exploit trust and social engineering to bypass security. Stronger digital hygiene, user awareness, and timely reporting are essential to safeguard WhatsApp accounts and prevent such attacks.
This topic is available in detail on our main website.
