


Cybersecurity experts have issued a warning over a major WhatsApp update that could soon change how people connect on the app.
The Meta-owned messaging platform is expected to roll out usernames later this year, meaning users will no longer need to hand over their phone number every time they want someone to contact them.
On paper, this sounds like a pretty useful privacy upgrade. For anyone who has ever had to share their number with a business, a stranger, or a large group chat they did not really want to be in, WhatsApp usernames could sound like a long-overdue fix.
On the other hand, experts are now warning that the very same update could also make it easier for scammers to create convincing lookalike accounts.
Advert

The concern is that fraudsters may use usernames that closely resemble banks, brands, government bodies, public figures or celebrities, making fake WhatsApp messages much harder to spot.
According to The Economic Times, Indian government officials have already warned that messaging platforms could be held accountable if new tools create opportunities for fraud, misinformation or impersonation.
One official was quoted as saying: “It is WhatsApp that has to worry, not us”.
Another official added: “Platforms must ensure their architecture is not used to create mischief. If it is, the response will be calibrated but firm.”
WhatsApp has reportedly pushed back against the concerns, saying the username feature is meant to improve privacy rather than weaken security.
The company is said to have built in several safeguards, including systems designed to detect impersonation, restrictions on how many new people an account can contact through usernames, protections against repeated username-guessing attempts, and the reservation of high-profile usernames linked to public figures, government entities and celebrities.
Not a good idea at all. Will lead to proliferation of fraud and impersonation. For example I checked, most variations of my name already taken. Wonder what can it be used for. https://t.co/Nu4DgKVFVm
— Bipin Preet Singh (@BipinSingh) June 30, 2026
Still, some industry figures on social media platforms like X (formerly Twitter) have warned the update could become messy if those protections are not strong enough.
As noted by Mint, Paytm founder Vijay Shekhar Sharma wrote in a post: “Soon you will have verified [usernames] on WhatsApp, and then unverified similar-sounding usernames.”
MobiKwik CEO Bipin Preet Singh also expressed concern, writing on X: “Not a good idea at all. Will lead to proliferation of fraud and impersonation. For example, I checked, most variations of my name already taken. Wonder what can it be used for.”
Like with email phishing scams, the two are essentially saying that even a small spelling change, extra letter or believable variation could be enough to trick users who are moving quickly through messages.
One of the aforementioned senior officials also warned: “I will never say we are 100% cyber secure. This is something against which we have to be eternally vigilant.”