You can often summarize cybersecurity as “same stuff, different day.” Attacks change, but rarely so dramatically you can’t see familiar methodology underneath. The latest example: Bad actors exploiting WhatsApp’s device linking process to infiltrate unsuspecting users’ accounts.

As detailed by antivirus software maker Gen Digital, parent company for Norton, Avast, and AVG, this “GhostPairing” campaign relies on duping unsuspecting users into helping hackers log in to their WhatsApp account (h/t BleepingComputer). It’s a variation on a phishing attack, and works like this:

1. You receive a WhatsApp message from one of your known contacts. They tell you they’ve found a photo of you online, and include a link. The link preview supposedly shows a Facebook page, but is actually a faked site.
2. When you click on the link, you’re asked to verify your account to see the photo.
3. The fake site then asks for your phone number. Once received, the attacker begins the login process from their side. A real verification code will be sent to your phone.
4. The fake site then asks for this login code. If you input the code, that information is captured and then used to complete the device linking process.

Victims who fall prey to this attack will believe they’re verifying the account for Meta’s purposes, but in actuality, they’re going through a legitimate login process. Once a hacker has access to your account, they can see all of your existing messages and any new incoming messages. They can also send messages on your behalf to contacts to further the cycle of snooping on others for sensitive data.

An example of the fake Facebook login verification screen, taken by Gen Digital.

Fortunately, this type of attack isn’t new, which means you can more easily recognize it.

First, it relies on unquestioning faith in your contacts—that you trust they would only ever send you uncompromised links.

Second, it follows a similar pattern to more typical phishing attempts. You click on a fraudulent link, then input necessary login information on a fake (but convincingly real) site. Those credentials get captured and used by the attacker. The main difference here is that instead of recording your password (which can then be used for later credential stuffing attacks) and stealing two-factor authentication codes, this malicious campaign adapts to WhatsApp’s login method.

Third, it tells on itself through odd behavior. In a normal scenario, you would not verify your access to Facebook content with your WhatsApp login details. The attacker is hoping you’re not paying too close attention to what’s happening!

To avoid getting tripped up by this dirty trick, be mistrusting. Don’t interact with the link. Instead, if it’s someone you know, contact them through a different method, like a phone call or different messaging app, and ask what’s up. (Pun mildly intended.) If you don’t know them well, ignore the message. And in general, don’t share login codes with sites until you’ve verified the site is actually official.

If you’re worried that someone might have access to your WhatsApp account, you can check to see what phones, tablets, and/or PCs are connected by heading to Settings > Linked Devices. You can also perform a similar check for many major services, like Google, Apple, Microsoft, Facebook, and more. I always recommend taking a peek every so often, just to make sure you’re locked down and safe.
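The advice above to verify that a site is actually official before typing in a login code comes down to checking the link's real host rather than its preview or its first few characters. The sketch below is an added example, not code from the article or from Gen Digital; the list of official domains, the `checkLink` name, and the sample links are assumptions constructed for illustration.

```javascript
// Assumed set of official domains for this example (not a list from the article).
const OFFICIAL_DOMAINS = ["facebook.com", "whatsapp.com", "meta.com"];

// Decide whether a link received in a message points at an official host.
// Returns { official, host, reason }.
function checkLink(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { official: false, host: null, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { official: false, host: url.hostname, reason: "not HTTPS" };
  }
  // URL parsing lowercases the host, separates any "user@" prefix from it,
  // and converts non-ASCII lookalike letters to punycode ("xn--..."),
  // so none of those can pass the comparison below.
  const host = url.hostname.replace(/\.$/, "");
  // Match the exact domain or a true subdomain; a plain substring or
  // startsWith test would accept "facebook.com.something.example".
  const match = OFFICIAL_DOMAINS.find(
    (d) => host === d || host.endsWith("." + d)
  );
  return match
    ? { official: true, host, reason: "host belongs to " + match }
    : { official: false, host, reason: "host is not an official domain" };
}

// Constructed sample links; none of them come from the campaign.
const SAMPLES = [
  "https://www.facebook.com/photo/123",
  "https://facebook.com.photo-view.example/login",
  "https://www.facebook.com@photo-view.example/verify",
  "https://f\u0430cebook.com/photo", // Cyrillic "a" in place of Latin "a"
  "http://web.whatsapp.com/",
];

// Run the check over a list of links and return one result per link.
function classify(links) {
  return links.map((link) => ({ link, ...checkLink(link) }));
}

for (const r of classify(SAMPLES)) {
  console.log(r.official ? "OK  " : "STOP", r.host, "-", r.reason);
}
```

Only the first sample passes; the others are rejected because the host that would actually receive the code is not on the official list, or the connection is not HTTPS.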