Digital fraud

Spam calls and then the trap message: how Ghost Pairing steals WhatsApp identity

Ghost Pairing is one of the most insidious scams circulating on WhatsApp: it exploits spam calls, misleading messages and the connected devices function to let criminals enter the victim's account and use it remotely.

by Rome Editorial Staff

3' min read

Translated by AI
Repeated phone calls are not background noise. They are the first act of a scam that is affecting a growing number of Italian users in early March 2026: Ghost Pairing, the technique that allows a criminal to hook their device to the victim's WhatsApp account and operate in the victim's place - reading chats, downloading photos, sending messages, targeting other contacts.

First the calls, then the blow

The pattern emerging from the most recent reports follows a precise sequence. The target receives a barrage of spam calls from unknown numbers. They do not serve to talk: they serve to create stress, urgency, frustration - to lower the attention threshold. Soon afterwards comes a WhatsApp message from a contact in the address book, someone you trust, whose account, however, has already been compromised.

The text invites you to click on a link to enter a competition, view urgent content, or complete a check.

After the click, the victim is prompted to enter a numeric code or scan a QR code to 'authenticate'. That gesture does not authenticate anything: it links the scammer's device to the target's WhatsApp account.

The WhatsApp scam that doesn't look like a scam

And it is this mechanism that makes Ghost Pairing more insidious than traditional digital fraud. There is no malicious software to install. There is no password stolen in a brute-force attack.

The fraudster does not force anything from outside: he convinces the victim to take the decisive step themselves, exploiting a legitimate function of the application - that of connected devices. The message comes from a known person. The request appears plausible. The procedure seems normal. It is precisely this apparent normality that makes the deception effective.

What happens when the phantom device is linked

Once the connection has been completed, the criminal has full access to the account: he can read conversations in real time, download photos and documents, acquire personal information and - above all - send messages in the name of the victim.

The compromised profile becomes the tool to target other contacts and extend the fraud chain. It is not an isolated data theft: it is stable access to a person's digital identity, which can be used until the phantom session is detected and disconnected.

How to protect yourself from Ghost Pairing on WhatsApp

Defence is built on four concrete actions.

1. Enable two-step verification. The function adds a personal six-digit PIN to the WhatsApp account. It is the first barrier: even if the fraudster manages to obtain a verification code, without that PIN he does not complete the connection.

2. Check connected devices regularly. This section is found in WhatsApp settings. If a session appears that you do not recognise - a browser, a device, a login with an abnormal date and time - you should log out immediately.

3. Never enter codes on external links. Even if the message comes from a family member, a colleague, a close friend: no legitimate service asks you to enter WhatsApp verification codes on external sites. Any such request is a red flag.

4. Filter and block spam calls. Silencing unknown numbers reduces exposure to the automated campaigns that precede the attack and prevents bots from verifying that the number is active. The fewer calls that get through, the more difficult it becomes for the fraudster to prepare the ground.

Why Ghost Pairing Marks a Change of Scale in Digital Scams

The objective is no longer to steal a piece of data, a password, a card number. It is to gain permanent access to the victim's digital identity and use it as a platform for chain attacks.

Spam calls pave the way, a message from a trusted contact breaks down defences, a link closes the trap.

Three steps, no obvious warning signs. The only defence that holds is the preventive one: do not act on impulse, treat every abnormal request as a possible attack and always - always - check the list of devices connected to your account.

Copyright reserved ©