
WhatsApp adds a warning for device-linking account takeovers
WhatsApp is moving to warn users about an account-takeover path that does not rely on stealing a password. The scam abuses WhatsApp’s device-linking flow: a user is tricked into approving a new linked device, and that approval can expose chats, media, and new incoming messages to someone else. Meta is adding a device-linkage warning to flag that risky step.
The pairing prompt that hands over a WhatsApp account
WhatsApp’s linked devices feature is meant to let people connect extra devices such as laptops or desktops. In this scam, the same flow becomes the entry point. Attackers can use either QR-code pairing or a numeric pairing code, and the numeric-code version is described as the easier route to abuse because it can look like a routine verification step.
The lure often arrives from an account the victim already trusts, or one that has already been compromised. A common example is a message framed as a simple photo link, such as “I found your photo.” That kind of message lowers suspicion just enough for the user to approve the pairing prompt.
Once the new device is linked, the attacker can read synced messages, receive new messages in real time, view photos, videos and voice notes, and send messages as the victim. For business users, that turns a single mistaken approval into direct access to customer threads, team chats and vendor conversations.
Why the takeover stays hidden on the victim’s phone
The attack is effective because the victim’s phone can keep working normally after the linked session is added. The account still looks active on the handset, while the attacker’s browser or desktop session stays connected in the background until it is manually removed. That delay makes the compromise harder to spot than a typical login alert.
The same trusted identity then becomes the delivery system for the next lure. Attackers use the compromised account to send the same message pattern to contacts, which can push the scam into family groups, work chats and friend circles. In practice, one linked session can become a fast-moving impersonation channel inside the victim’s own network.
Meta’s new warning and the checks users should make
Meta is introducing a warning in WhatsApp for cases where an account is being linked to a new device. The warning tells users that approving the request could let someone else access messages. That is the key moment to slow down, because the risk is not a generic verification prompt but a new session gaining access to the account.
The immediate user-side check is WhatsApp’s Linked Devices screen. Anything unfamiliar there should be removed right away. Users should also turn on Two-Step Verification, which adds another control if someone tries to take over the account again. For operators who depend on WhatsApp for daily communication, those two checks are the practical response to an unexpected pairing request.
What is still unclear about the rollout
The rollout status of Meta’s device-linkage warning is not fully clear. It is not confirmed whether the alert is already live everywhere or limited to certain regions or release stages. The scale of the abuse campaign is also not quantified in the available information.
If a pairing request appears unexpectedly, check Linked Devices immediately and enable Two-Step Verification.
Disclaimer: This article was created with the assistance of AI. Images are for illustrative purposes only.
About the author

Samarth Agrawal is an AI and technology professional who writes about WhatsApp, automation, and emerging AI trends. He focuses on simplifying complex tech updates into practical insights for businesses, creators, and everyday users
