WhatsApp Usernames Hide Phone Numbers But Scam Risk Remains
WhatsApp is rolling out usernames and optional keys to reduce phone-number exposure, but security researchers warn that impersonation and social-engineering scams can move to handles, profile images and trusted-looking accounts.

Usernames Reduce Phone-Number Exposure
WhatsApp is adding usernames so people can communicate without immediately exposing a phone number, but the change does not remove the main fraud risk on a platform used by more than three billion people.
The feature lets users choose a handle in account settings.
The National reported that WhatsApp will show whether the name is available, and that a username can be up to 35 characters.
Meta says the app is also adding an optional username key, which requires both the username and the key before someone can contact a user for the first time.
That design creates an extra gate for new conversations, but it does not authenticate the person behind an accepted handle.
Meta is using the change to reduce number harvesting and make it harder to tie a WhatsApp account to a person's wider online identity.
Some high-profile names appear unavailable or reserved for WhatsApp Business users, a measure intended to limit spoofing of public figures and brands.
The rollout is gradual.
WhatsApp usernames are expected to become available over the next few months, with beta versions already showing the setting to some users.
Security Researchers Expect Scammers To Adapt
Acronis senior security researcher Eliad Kimhy said usernames may reduce some abuse but will not significantly reduce scamming overall.
He said scams follow attention, trust and scale, and WhatsApp has all three.
Kimhy warned that fraud attempts could shift toward convincing handles, profile images and social engineering.
That means attackers may impersonate friends, executives, brands, customer-support teams or public figures even when phone numbers are hidden.
The practical security change is therefore narrower than anonymity.
Hiding numbers can reduce unsolicited contact and identity linking, but it does not prove that an account belongs to the person or company a scammer claims to represent.
Cybersecurity consultant Jake Moore said the move might create a false sense of security if users assume usernames make conversations inherently safer.
He said criminals can still exploit trust once a user accepts a contact or follows a link.
Business Accounts Still Need Verification Proof
The change also affects companies that use WhatsApp for customer service, sales and internal communication.
If users rely more on handles, businesses will need clearer ways to show that an account is legitimate before asking customers to share information or click links.
WhatsApp has business verification and profile tools, but the username feature does not by itself solve spoofing.
The risk is especially high for banks, airlines, delivery services, government agencies and payment providers, where a familiar-looking handle could push a user toward a fraudulent payment or credential request.
The safer operating model remains layered: users should verify unfamiliar contacts outside the chat, avoid sharing one-time codes, and treat urgent payment or login requests as suspicious.
Companies should publish official contact handles, educate support teams and avoid asking for sensitive data inside unverified conversations.
Meta has not disclosed a final global rollout date, detailed enforcement rules for reserved names, scam-detection results from the beta, or evidence that usernames reduce impersonation losses on WhatsApp.
















