diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2bd8a57ee37..41779ac32e5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Release Notes for Craft CMS 5
 
+## Unreleased
+
+- Fixed a potential phishing attack vector.
+
 ## 5.6.5.1 - 2025-02-04
 
 - Fixed an error that could occur when saving elements with nested elements on multi-site installs. ([#16609](https://github.com/craftcms/cms/issues/16609))
diff --git a/src/elements/User.php b/src/elements/User.php
index e0dd55a6731..b9924f7b454 100644
--- a/src/elements/User.php
+++ b/src/elements/User.php
@@ -1039,7 +1039,7 @@ protected function defineRules(): array
         ];
 
         $rules[] = [
-            ['fullName', 'firstName', 'lastName'], function($attribute, $params, Validator $validator) {
+            ['fullName', 'firstName', 'lastName', 'username'], function($attribute, $params, Validator $validator) {
                 if (str_contains($this->$attribute, '://')) {
                     $validator->addError($this, $attribute, Craft::t('app', 'Invalid value “{value}”.'));
                 }