On the web, you should watch out for phishing emails claiming to be from your boss, asking you to verify information on a link and report back.
“In the metaverse, fraud and phishing attacks targeting your identity can come from a familiar face – literally – like an avatar impersonating your colleague, instead of a domain name or email address. misleading emails”, Charlie BellMicrosoft’s chief security officer, said in a blog post Monday, March 28 th).
Bell went on to warn, writing that a new generation of scams will accompany users into immersive three-dimensional worlds when they put on virtual reality (VR) headsets and log into the Metaverse.
Read more: What is a metaverse and why do we organize a fashion show?
He is not the first to send this message, nor the only one to do so.
On February 18, China’s Banking and Insurance Regulatory Commission issued a similar warning of fraudulent activity in the metaverse, pointing to everything from outright inconveniences like rug pulls – which project developers get away with. with funds from investors – to the sale of fake “land” in various metaverse projects.
See also: China warns of metaverse scams
That means yes, a scammer can, and likely will, try to sell you the Brooklyn Bridge – well, at least one non-fugible token (NFT) image of the Brooklyn Bridge, built on NFT parcels of real estate the seller doesn’t own. not .
Related: PYMNTS NFT Series: What are NFTs and why are they the new “next big thing?” of Crypto?
What’s old is new again
“Some new experiences using headsets and mixed reality will be in your face — literally — but other implications will be harder to spot,” said Bell, Microsoft executive vice president of security, compliance, identity and management. “There is an inherent social engineering benefit to the novelty of any new technology.”
Bell warned that fraud is a cycle that has been seen since the beginning of the internet with counterfeit domain names pretending to be real brands. This happened again with Wi-Fi, and again when smartphones caused companies to adopt bring your own device policies.
“One of the dangers of the metaverse is that although virtual land and property are not real, their monetary value is,” Alexei KhitrovCEO of ID R&D, an artificial intelligence (AI) based biometric authentication company, wrote in the information age. “When purchased, they become real assets linked to your account. Therefore, fraud no longer looks like it used to.
Khitrov cited the example of someone spending $450,000 on NFT land next to early metaverse adopter Snoop Dogg set up in The Sandbox. And hackers have, in fact, stolen NFTs like CyberPunks and Bored Ape Yacht Club avatars worth six and seven figures.
Read more: PYMNTS NFT Series: NFTs target the collector market with avatars and celebrities
Virtual door lock
Bell highlighted three areas of concern that companies moving into the metaverse, or simply doing business there, should be wary of. The first, he said, is that criminals go after identity first.
“Play this forward and imagine what phishing might look like in the metaverse,” he said. “It will not be a fake email from your bank. It can be the avatar of a cashier in the lobby of a virtual bank asking for your information. It could be an impersonation of your CEO inviting you to a meeting in a malicious virtual conference room.
Bell highlighted techniques such as multi-factor authentication (MFA) and passwordless identification. Khitrov, meanwhile, suggested that AI-powered facial biometrics — the same core technology as facial unlocking tools in smartphones — is an ideal tool to counter the threat.
Bell’s second area of concern is interoperability. With more and more metaverse projects springing up – from Meta’s future Facebook to blockchain-based VR landscapes like Decentraland and The Sandbox – it’s critical that companies can work across all platforms securely.
Security experts must “understand the terrain of the metaverse as adversaries do – and use it to our advantage,” Bell said.