WhatsApp is preparing to roll out usernames this year, the first time the platform will let people message each other without sharing phone numbers. India’s government has now told Meta to pause the WhatsApp username feature and explain, inside three days, how it plans to stop fraud.
The Ministry of Electronics and Information Technology cited phishing, digital arrest scams and impersonation as the risks WhatsApp has to address before the feature goes live for Indian users. WhatsApp says the feature is optional, will ship gradually later this year, and includes safeguards against impersonation and repeated guessing attempts.
How the WhatsApp Username Feature Works
WhatsApp announced the feature on its newsroom in June, calling it a “major privacy” step that lets users connect “without giving away” their phone numbers. With over three billion people on the platform, the company opened reservations this week so users can pick a handle ahead of the gradual rollout later this year. Creators, small businesses and organisations can also claim the username they already use on Instagram or Facebook, where one is available.
The feature is optional. Users still need a phone number to register, and that number stays linked to the account behind the scenes. New contacts will see the chosen username instead of a number, if the user opts in. To reach someone by username, the sender must know the exact handle, since WhatsApp says there is no directory to browse and no suggestions. A second optional layer, called a “username key,” can also be required before a first message goes through.
The Three-Day Pause Order
The Ministry of Electronics and Information Technology issued a notice to WhatsApp’s chief compliance officer directing the company not to launch the feature in India until consultations are complete. It gave Meta three days to explain, with documents, “why regulatory action ought not to be initiated” for releasing a feature that, in the government’s view, “may increase cybercrimes.”
The notice said the change could “materially increase” incidents of online fraud, phishing, digital arrest scams and impersonation by making it easier for malicious actors to reach victims. It also flagged the risk of usernames resembling those of public authorities, financial institutions and government agencies. Meta was reminded that as a “significant social media intermediary” it is bound by due-diligence rules under the IT Act, 2000, and the IT Rules, 2021, covering impersonation, identity theft and tracing first originators where lawfully required.
A WhatsApp spokesperson told Indian press that the usernames feature has not yet gone live and will be rolled out gradually later this year. The company said users will still require a phone number and that usernames are “designed to add another layer of privacy rather than replace existing account verification.” Public figures, government entities, celebrities and verified Meta accounts will have their usernames reserved, with lookalike variants blocked. WhatsApp added that it has built limits on how many new users an account can contact, protections against repeated guessing attempts, and systems to detect impersonation and abuse.
Meta told CNBC it will reserve the highest-profile usernames for their legitimate owners and withhold lookalike derivatives of known names to protect against impersonation. The company said users will be notified inside WhatsApp when usernames go live in their country.
India’s Fraud Numbers Behind the Pause
The MeitY notice lands on a sharply worsening fraud picture. Cybersecurity incidents reported in India rose from 10.29 lakh in 2022 to 22.68 lakh in 2024, according to the PIB backgrounder on cyber fraud. The Citizen Financial Cyber Fraud Reporting and Management System, run by I4C under the Ministry of Home Affairs, had saved more than Rs 8,690 crore across more than 24.65 lakh complaints as of January 31, 2026.
Meta’s own Adversarial Threat report in March found online scam syndicates targeted users in India more frequently than any country other than the United States. CNBC reports India has more than half a billion WhatsApp users, a scale that brings regulatory attention to any identity change on the platform. I4C has blocked 3,962 Skype IDs and 83,668 WhatsApp accounts linked to cyber frauds, per the same PIB release. More than 9.42 lakh SIM cards and 2,63,348 IMEIs linked to fraudulent activities have already been blocked.
- Cybersecurity incidents in India: 10.29 lakh (2022) to 22.68 lakh (2024), per PIB backgrounder
- Rs 8,690 crore saved across more than 24.65 lakh complaints via CFCFRMS as of 31 January 2026, per MHA
- 83,668 WhatsApp accounts linked to cyber frauds blocked by I4C, per PIB release
- More than half a billion WhatsApp users in India, per CNBC
Cybersecurity Leaders Name Six Risks
India’s cybersecurity community has begun weighing the username feature against the country’s fraud record. Kanishk Agrawal laid out six risks for WhatsApp users in remarks carried by NDTV’s coverage of the rollout.
- Impersonation through lookalike usernames. A handle that resembles a bank, employer or close friend, off by a single letter or underscore, could make impersonation far easier to pull off.
- More convincing phishing. Messages asking for OTPs, PINs or banking credentials gain credibility when the sender’s username appears to be a known contact.
- Harder-to-detect brand spoofing. Customer support scams posing as banks, e-commerce platforms, delivery apps or payment apps become harder to spot without visible phone numbers.
- AI-driven social engineering. Cloned voices, generated images and realistic AI-written conversations raise the success rate of scams that ask for money transfers.
- Reduced accountability. Hiding phone numbers could make it harder to trace pranksters, scammers and malicious actors, complicating investigations.
- Faster scaling for fraud networks. Syndicates that already manage thousands of fake digital identities may register usernames in bulk and run larger phishing campaigns across regions.
Privacy and security must evolve at the same pace as our digital identities.
Kanishk Agrawal, Chief Technology Officer at Judge Group India, made the remarks in NDTV’s coverage of the WhatsApp username rollout. “Today’s cybercriminals manipulate people rather than only hack devices,” he said, with every new digital identity creating a “fresh attack surface” for impersonation and phishing. His advice across the list is consistent: verify identities outside WhatsApp before any money moves, never share OTPs over chat, prefer verified business accounts and enable two-step verification. Business leaders face similar AI-driven privacy and cybersecurity risks when generative tools land in the enterprise.
Convenience, Agrawal said, must not come at the cost of trust. He told NDTV that strong platform verification, user education and proactive cybersecurity strategies will be essential as usernames go live. India has more than half a billion WhatsApp users, the largest national base on any messaging platform.
How Users Can Prepare Before Usernames Ship
India’s existing fraud-reporting infrastructure offers a partial playbook. The National Cyber Crime Reporting Portal, run by I4C, lets citizens file cyber crime complaints with a special focus on offences against women and children, and pairs with the dedicated 1930 helpline for financial fraud. WhatsApp itself recommends turning on two-step verification and reviewing privacy settings before opting into usernames.
Several of Agrawal’s specific suggestions map to existing WhatsApp controls. The two-step verification setting sits under Account in WhatsApp’s settings menu, and privacy controls let users decide who can see profile photos, status updates and last-seen timestamps.
New contacts reaching out by username will land in the chat list without revealing a number. The first line of defence stays the same as it has been: treat unsolicited messages as guilty until verified. Meta has told the Indian government that usernames will ship later this year with safeguards already built in.
Meta has until its deadline expires to file a detailed response with supporting documents. The pause applies only to India; the username feature is still rolling out gradually elsewhere this year.
Frequently Asked Questions
When will WhatsApp usernames launch in India?
WhatsApp has not set a specific launch date for India. The MeitY notice directs the company not to launch the feature until consultations with the government are complete, and Meta has told reporters the feature will roll out “gradually later this year” globally. Indian users can already reserve a username through Settings.
Do WhatsApp usernames replace phone numbers?
No. A phone number is still required to register a WhatsApp account and stays linked behind the scenes. Usernames are an optional alternate handle that new contacts can use to reach you if you have enabled the feature. You can still share your number the way you always have.
Why did India ask Meta to pause the username rollout?
MeitY said in its notice that usernames could “materially increase” online fraud, phishing, digital arrest scams and impersonation, and asked Meta to explain within three days why regulatory action should not be initiated. The notice cited the risk of usernames that look like public authorities, financial institutions or government agencies.
What should users do to stay safe when usernames go live?
Verify identities outside WhatsApp before any money changes hands, never share OTPs or banking credentials over chat, prefer verified business accounts, and enable WhatsApp’s two-step verification. Report suspicious messages through the National Cyber Crime Reporting Portal at cybercrime.gov.in or by calling the 1930 helpline.
How do I reserve a WhatsApp username?
Update to the latest version of WhatsApp, then go to Settings, then Account, then Username. You can also claim your existing Instagram or Facebook username on WhatsApp if it is available. WhatsApp will notify users inside the app when usernames are live in their country.





