Over the last decade, smartphones have become an extended part of our lives. Given how much convenience it offers, such as cab hailing, getting directions to a destination, ordering food, calling loved ones, transferring money instantly and even possible complete a PowerPoint presentation efficiently on the way to the office. It is unimaginable for many to set foot outside the house without their mobile in their pocket.

However, if we are not careful enough, we may have to pay dearly. Cyber crooks regularly come up with ingenious ways to hoodwink naive users into taking over their phones and stealing money.

The most recent instance is the ghost pairing. The Ministry of Electronics and Information Technology has issued an advisory on this cyber threat.

What is ghost pairing?

It is one of the new phone hacking techniques, where threat actors use social engineering and messenger apps such as WhatsApp and Telegram. They initially build trust by having the name of a known contact (in the potential victim's phone list), or a government agency representative (Income Tax), or a bank executive.

They send a message with a 'Hi, check this photo'. The message contains a link with a Facebook-style preview, which later leads to a verification process via phone number.

As part of a social engineering tactic, the threat actors use urgency or panic-inducing statements, such as if you don't perform this action, your bank account will be frozen, or the phone number will be blocked immediately.

And, the naive users unwittingly grant attackers access to link WhatsApp's account to the latter's device. This way, hackers get full access to the victim’s WhatsApp accounts, without any password theft or SIM swapping, and the chain follows.

Once they get access to sensitive photos and videos, they blackmail the victim to send money to their bank account. Or in the worst case, if the person had stored a photocopy of a bank credential (account ID and passwords with Debit/credit card details), they will clean the bank account.

Here are valuable tips to safeguard yourself from ghost pairing and other similar cyber threats:

1) If you receive an email or message from a person with a familiar name or even a government agency, read it carefully. As noted earlier, cyber crooks use social engineering and tell you to click on a URL link or a PDF to get more information. Do not press any link or download any file.

Government and bank agencies do not ask citizens to share their personal or financial details through messenger apps

2) Never install APK files or any apps from third-party app stores or links marketed on social media platforms. Always download apps from Google Play or Apple App Store, or Microsoft Windows Store.

3) Never share online account details such as Gmail IDs, bank customer IDs and passwords on messenger apps or on emails with anybody or type details on an online form on a website published by an unknown company.

4) Always update your smartphones and computers to the latest version to protect yourself from new emerging cyber threats.

5) It is a good practice to install an anti-virus application from a well-known publisher on your device. Once installed, ensure to turn on the safe browsing feature.

If you fall victim to online fraud, immediately call toll-free 1930. It is run by the Indian Cyber Crime Coordination Centre, and once you share the bank transaction details, they will be able to trace and freeze the mule bank accounts. Ensure you call them within one hour, as there will be a higher chance of blocking the cyber criminals from withdrawing the ill-got money.

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.