This tactic relies on a simple weak point: trust. The malicious file is sent by someone you know, using their stolen account.
If fraudsters are already exploiting phone numbers, can restricting WhatsApp’s username move really protect users from abuse?