TheVortiq
Inteligencia Artificial

WhatsApp Usernames: A New Door for Impersonation?

The username feature, designed to protect privacy, is already raising alarms over potential impersonation of public figures and companies, leading the Indian government to call for a pause.

July 5, 2026 · 4 min read

Smartphone displaying WhatsApp login screen on a dark surface. Overhead view.

TL;DR: WhatsApp has started allowing usernames, but tests reveal that names of public figures and companies are already being reserved by third parties, opening the door to identity theft. India has requested a halt to the rollout until risks are assessed.

What happened?

WhatsApp has started allowing username reservations, a feature that lets users choose a unique identifier to be contacted without revealing their phone number. However, according to reports from TechCrunch and Xataka, names that mimic public figures, companies, and institutions — such as 'indiamodi', 'shahrukh.actor', 'rbi_verify', or 'cz_binance' — are already available or have been reserved before their legitimate owners could do so. Binance founder Changpeng Zhao confirmed on X that he could not reserve his own username, suggesting someone else did. TechCrunch reported that in an early phase, it found names like 'indiamodi' (referring to Indian Prime Minister Narendra Modi), 'shahrukh.actor' (for actor Shah Rukh Khan), 'rbi_verify' (impersonating the Reserve Bank of India), and 'cz_binance' (for Binance CEO) available. This indicates that the reservation system lacks filters to prevent impersonation of recognizable identities.

Why is it important?

The username feature promised greater privacy by reducing exposure of phone numbers. However, these incidents reveal an immediate risk: identity theft. If a scammer reserves the name of a bank or transportation company, they can impersonate them and trick users into revealing sensitive data or money. Trust in a familiar name can be exploited, especially in a country like India, where WhatsApp is the primary communication tool with over 500 million active users. According to cybersecurity firm Kaspersky, India is one of the countries with the highest incidence of messaging fraud, with 40% of users reporting having received fraudulent messages. Impersonation via usernames adds a layer of legitimacy that could increase the success rate of phishing attacks.

Consequences and reactions

The Indian government, through the Ministry of Electronics and Information Technology (MeitY), has sent a notification to WhatsApp requesting a halt to the rollout until consultations on impersonation risks are conducted. Minister Rajeev Chandrasekhar told TechCrunch: 'We will not allow usernames to become a tool for fraud. WhatsApp must implement verification measures before launching this feature on a large scale.' Meta, the parent company, has not yet publicly responded. This case adds to other impersonation incidents on messaging platforms, such as bank fraud via SMS and calls, but now with an additional layer of legitimacy by using an official platform name. In 2023, the Reserve Bank of India issued an alert about WhatsApp scams impersonating banks, and in 2024, security firm CloudSEK reported a 300% increase in identity theft cases on messaging apps. The absence of a verification system for usernames could exacerbate this problem.

“The new way to identify ourselves also becomes a new way to recognize each other. And when that identifier resembles that of a company, the line separating a legitimate identity from a fake one can become less clear.” — Xataka

Changpeng Zhao, founder of Binance, tweeted: 'I couldn't get my own username on WhatsApp. Someone else took it. This is a security problem.' His tweet generated over 10,000 interactions on X, highlighting public concern.

What should readers know?

  • Don't trust the username alone: Always verify the contact's identity through other means, especially if they ask for sensitive information. For example, if you receive a message from 'rbi_verify' requesting bank details, contact the bank directly through official channels.
  • Enable two-step verification: Add an extra layer of security to your WhatsApp account to prevent others from impersonating you. According to WhatsApp, this feature reduces the risk of unauthorized access by 99%.
  • Report suspicious profiles: If you find a username that clearly impersonates a legitimate entity, report it to WhatsApp via the 'Report contact' option or by emailing security@whatsapp.com.
  • Stay informed: Follow WhatsApp security updates and news about potential scams. You can check the WhatsApp Help Center for the latest security features.

Context and comparisons

This is not a new problem. On platforms like Twitter (X) or Instagram, impersonation of verified accounts has been recurrent, though with verification systems like the blue check. WhatsApp lacks a verification system for usernames, making abuse easier. The situation recalls the early days of domain names, when cybersquatters registered famous brands to resell or scam. For example, in the 1990s, domains like 'mcdonalds.com' were registered by speculators before the company could. Meta will need to implement measures such as identity verification for official entities or a name claim process. Twitter (X) implemented a blue account verification system to combat impersonation, but even that system has been criticized for allowing fake verified accounts after the switch to Twitter Blue. WhatsApp could adopt a similar approach but with stricter controls, such as requiring official documents for company or public figure names. Additionally, the regulatory context in India is relevant: the government has pressured WhatsApp to comply with traceability and security laws, and this incident could accelerate demands for anti-impersonation measures. Consulting firm Gartner warns that impersonation on messaging apps could cost global companies $1.5 billion in fraud by 2027 if proper controls are not implemented.

Keep reading