Loading Now

WhatsApp usernames could open the platform to impersonations and scams, warn cybersecurity experts: Here is how

WhatsApp usernames could open the platform to impersonations and scams, warn cybersecurity experts: Here is how

WhatsApp usernames could open the platform to impersonations and scams, warn cybersecurity experts: Here is how


Meta-owned WhatsApp has announced the rollout of usernames, allowing users of the instant messaging platform to communicate with family, friends, or businesses without sharing their phone numbers. According to WhatsApp, users will soon be able to pick unique usernames, similar to those on social media platforms.

Meta described the move as “designed to protect the privacy of your phone number,” adding that “people need to know your exact username to contact you.”

Telegram, Signal already allow usernames

WhatsApp is not the first to roll out such an option for its users. Telegram and Signal have allowed users to hide their phone numbers and use only a username for a very long time.

What about SIM-binding?

It should be noted that Indian law requires messaging platforms like WhatsApp and Telegram to link to a verified mobile number. Under the Telecom Cyber Security Rules, 2024, the Department of Telecommunications (DoT) enforces strict SIM-binding mandates to combat digital fraud.

Also Read | Mint Quick Edit | WhatsApp’s new privacy feature: hit or miss?

However, SIM-binding only means that a messaging account is typically created and authenticated using a valid mobile number. WhatsApp users can still use their chosen username as their public identifier while the underlying account remains linked to the verified phone number in the backend.

Concerns about misuse of WhatsApp usernames

While Meta claimed that the introduction of usernames would restrict access to phone numbers, others have raised concerns, especially about its potential misuse by unscrupulous elements.

Paytm founder Vijay Shekhar Sharma is among those who have flagged the potential misuse of usernames on WhatsApp.

“Soon you will have verified username on WhatsApp, and then unverified similar-sounding usernames….which in turn will…,” Sharma said in a post on X.

Also Read | WhatsApp usernames: The implications for India’s SIM-binding plan

Entrepreneur Ankur Warikoo also expressed similar concerns about fake usernames that could resemble a well-known person or business.

“In a country such as India, this could be a disaster, if the right anti-abuse systems are not set up by WhatsApp.

Imagine receiving a message from warikoo / awarikoo / ankurwarikooo / ankur_warikoo / a_warikoo / ankurwarikooofficial etc etc – soliciting money,” he pointed out.

Can you claim your Instagram username on WhatsApp?

On its part, Meta said “creators, small businesses and organizations” will be allowed to claim WhatsApp usernames that they already use on other products – Facebook or Instagram.

Cybersecurity challenges

Prashant Mali, a Mumbai-based Cyber and Privacy lawyer, also pointed out that though usernames could ensure privacy, they could easily be misused.

“With usernames, the identity of a user becomes more like social media, easier to remember, but also easier to imitate,” Mali told LiveMint.

“From a privacy perspective, this is good as no disclosure of their personal mobile number to strangers or businesses. But from a cybersecurity perspective, the trust model changes as people rely on a username rather than verifying the actual identity,” he explained.

According to him, misuse of usernames could lead to:

Creation of lookalike usernames

Fake customer care accounts

Business email compromises leading into business messaging compromises

Romance scams using anonymous identities

Deepfake-assisted messages where fake usernames are combined with AI-generated voice or video

Advocate Mali said it was up to WhatsApp users to remain vigilant and approach with caution.

“Technology may change, but cybercriminal psychology does not. Every new feature becomes a new attack surface until users learn how to use it safely. Users should adopt a Verify Before You Trust approach,” he said.

Post Comment