WhatsApp Strengthens Username Verification to Prevent Phishing Attacks
Meta is enhancing the security of WhatsApp's new username feature following serious warnings from global cybersecurity agencies about a surge in impersonation risks. The update will require users to verify their identity through linked Facebook and Instagram accounts for official and organizational usernames, aiming to prevent misuse and phishing attacks. This change supports WhatsApp's shift from phone numbers to usernames, designed to increase user privacy by allowing contact without revealing personal phone numbers.
Concerns arose after tests revealed that sensitive usernames linked to official institutions, such as "IDF_SPOKESPERSON" and "MisradHapnim," were easily accessible to anyone through simple keyboard shortcuts or letter substitutions. This vulnerability alarmed security experts because WhatsApp is a key communication channel for many service and support centers.
In response, Israel's National Cyber Directorate formally addressed Meta, emphasizing the risks of fraud and demanding stronger protection mechanisms. Similarly, the Indian government, representing WhatsApp's largest market with approximately 850 million users, called for an immediate halt to the feature's rollout until verification processes are secured.
Meta has begun deploying a significant security update that mandates users reserving usernames linked to their social media presence to authenticate ownership via the "Account Center." Additional safeguards include detecting unusual contact patterns and limiting the number of new contact requests a user can send in a short period. For iPad and Android tablet users, WhatsApp introduced a new settings interface to designate devices as primary and independent units, reinforcing the app's evolution into a more secure social platform.
These measures aim to reduce the risk of sophisticated phishing messages that could impersonate trusted entities like banks, exploiting WhatsApp's high user trust compared to platforms like Telegram.