I've previously made a suggestion that could potentially work with any messaging system, or indeed directly between two phones (or between a phone and a call centre).
Instead of linking, I'll just paste the basic idea. It should be easy to imagine the same functionality between two usernames in a messaging app.
Dash Message and Payment Exchange Without Usernames or Registration
A no registrations solution that deals with authentication around the time of a transaction rather than before or after. It also hopes to deal with phishing attacks.
1. Person A calls Person B by telephone (mobile or voip, it's not important). Both parties have a dash app running in the background.
2. When Person A initiates the call, their dash app registers with the MN network and it says, "My telephone number is XXX and I'm calling YYY".
3. Every time Person B receives a call, their dash app also registers with the MN network and says, "I am YYY and I've just received a call from XXX".
4. The MN network has now established a two way channel of communication that is open for a maximum of two hours, or until either party hangs up.
5. Both parties can now exchange messages and payments via the MN network.
6. Only Person A (the initiator) can send money to Person B, thus stemming phishing attacks.
7. Only Person B (the receiver) can send files / invoices to Person A, thus limiting malware from Person A.
NOTES:
1. The phone numbers are arbitrary; a company with a switchboard number would simply announces that number to the MN network.
2. When Person B receives a call, the dash app would display how many live connections Person A is making. Thus, Person B might be able to determine if it really is a call centre.
3. To stem spamming, a micro-micro transaction would be paid by Person A (the initiator) when Person B answers the call.
4. It is possible that Person B sends fake documents / invoices to Person A. However, it was Person A that initiated the call, so the onus is on Person A to do their due diligence.
5. The existing methods of using dash would remain as an option (QR codes, usernames etc).