WhatsApp’s New Username Feature Raises Concerns Over Impersonation and Scam Risks
WhatsApp’s new username feature, launched in 2023, allows users to create a unique identifier instead of sharing their phone numbers, but cybersecurity experts warn it could increase risks of impersonation and scams, according to a report by the cybersecurity firm Kaspersky.
What Is WhatsApp’s New Username Feature?
WhatsApp introduced the username feature in 2023 as part of its efforts to enhance user privacy and simplify communication. The feature, initially available in select regions including India, Brazil, and Indonesia, enables users to register a username—similar to a social media handle—that others can use to send messages without needing a phone number. According to WhatsApp’s official blog, the update aims to reduce the reliance on phone numbers for account verification, particularly in areas with limited mobile infrastructure.
The username replaces the traditional phone number-based contact system, allowing users to share a unique name instead. However, the feature has drawn scrutiny from security researchers who highlight potential vulnerabilities. “While the username system offers convenience, it also creates opportunities for malicious actors to exploit the lack of strict verification,” said a representative from Kaspersky, citing internal analysis of the platform.
How Does It Increase Impersonation Risks?
The username system could enable scammers to create fake profiles that mimic real users, according to a 2024 report by the cybersecurity firm NortonLifeLock. Unlike phone numbers, which are tied to specific devices and carriers, usernames are easier to replicate, especially if users choose common names or abbreviations. “Attackers can register similar usernames to trick users into sharing sensitive information, such as login credentials or financial details,” the report stated.

WhatsApp has implemented measures to prevent direct username duplication, but experts argue the system still lacks robust safeguards. “The platform does not verify the uniqueness of usernames beyond basic checks, leaving room for abuse,” said Dr. Emily Chen, a cybersecurity researcher at the University of California, Berkeley. “This is particularly concerning in regions where users may not be familiar with digital security best practices.”
What Scam Threats Have Been Reported?
Since the username feature’s rollout, there have been isolated reports of scams leveraging the system. In 2024, the Federal Bureau of Investigation (FBI) issued a warning about phishing attempts where scammers used fake usernames to impersonate customer support agents or trusted contacts. “These scams often involve fake links or requests for personal information, which can lead to account takeovers or financial loss,” the FBI noted in a public advisory.

Additionally, cybersecurity analysts at CrowdStrike reported a surge in “spoofed” WhatsApp accounts targeting business users. “Attackers are using usernames to mimic company representatives, tricking employees into transferring funds or sharing confidential data,” said a CrowdStrike spokesperson. The firm recommended users verify unexpected messages through alternative communication channels, such as email or phone calls.
What Steps Can Users Take to Protect Themselves?
WhatsApp has advised users to enable two-factor authentication (2FA) and avoid sharing usernames publicly. The company also emphasizes that it will never ask for passwords or verification codes via messages. “Users should be cautious of unsolicited messages and verify the authenticity of contacts before sharing sensitive information,” a WhatsApp spokesperson said in a statement.
Cybersecurity experts recommend additional precautions, such as using strong, unique passwords for WhatsApp and enabling biometric authentication on devices. “Users should also regularly review their account settings and report suspicious activity through WhatsApp’s built-in reporting tools,” said a NortonLifeLock representative.
What’s Next for WhatsApp’s Security Measures?
WhatsApp has not yet announced plans to overhaul the username system, but the company has acknowledged the need for continuous improvements. In a 2024 blog post, WhatsApp’s security team stated, “We are actively monitoring the impact of the username feature and will implement additional safeguards as needed.”
Meanwhile, regulatory bodies in several countries are considering stricter guidelines for messaging platforms. The European Union’s Digital Services Act (DSA), which took effect in 2024, requires tech companies to enhance transparency and user safety measures. “Platforms like WhatsApp must balance innovation with accountability to protect users from emerging threats,” said a representative from the European Commission.
Keep reading