The Metaverse Is Coming and Security Risks Are Tagging Along

You need to be ready for unique virtual threats

By Sascha Brodsky, Senior Tech Reporter
Published on April 6, 2022 10:06AM EDT
Fact checked by Jerri Ledford

The metaverse could be a hotspot for cybercriminals, experts warn.
Microsoft's head of security recently said that hackers could impersonate users to steal credentials or launch ransomware attacks.
Users who want to join the metaverse right away should ensure that they have enabled multi-factor authentication on their accounts to prevent the easiest account takeover methods.

As the metaverse skyrockets in popularity, experts warn that the shared online space poses many security risks. Hackers could impersonate users to steal credentials or launch ransomware attacks.

Microsoft's head of security Charlie Bell recently said in a blog post that the novelty of the metaverse could pose challenges.

"In the metaverse, fraud and phishing attacks targeting your identity could come from a familiar face—literally—like an avatar who impersonates your coworker, instead of a misleading domain name or email address," Bell wrote.
Meta Threats

The metaverse concept is pitched by companies ranging from Meta to Microsoft as a place where users can communicate, work and play inside virtual worlds. But Bell said the seemingly familiar faces would present some unique security risks.

"Picture what phishing could look like in the metaverse—it won't be a fake email from your bank," wrote Bell. "It could be an avatar of a teller in a virtual bank lobby asking for your information. It could be an impersonation of your CEO inviting you to a meeting in a malicious virtual conference room."

Users are more likely to trust people in the metaverse because they are dealing with an avatar's representation of an actual human, Rizwan Virani, the CEO of Alliant Cybersecurity, told Lifewire in an email interview.

"If an online account is compromised, it may lead to more serious consequences because of this heightened trust," Virani said.

Talos, tech giant Cisco's intelligence group, recently published a report that found the potential for malicious activities in the metaverse. One area of concern that researchers pointed to involves cryptocurrency. The ability to inspect the contents of any crypto wallet address in the metaverse could allow hackers to trick unsuspecting users into believing they are dealing with a verified organization, such as a bank.

"The metaverse is the next iteration of social media, and identity in the metaverse is directly tied to the cryptocurrency wallet that [is] used to connect," the report's author Jaeson Schultz wrote. "A user's cryptocurrency wallet holds all of their digital assets (collectibles, cryptocurrency, etc.) and in-world progress. Since cryptocurrency already has over 300 million users globally and a market capitalization well into the trillions, it's no wonder that cybercriminals are gravitating toward the Web 3.0 space."

The metaverse holds privacy risks as well.
Users should expect their publicly available data to be scraped by intelligence agencies, law firms, and hiring firms, cybersecurity expert and IEEE senior member Kayne McGladrey said in an email interview.

"User accounts with easily guessed passwords and a lack of multi-factor authentication will be breached and used for either impersonation or theft of NFTs," McGladrey said. "And users can expect that multiple foreign intelligence agency troll farms will continue to produce content to sway public opinion and elections, a job which will be made easier by the biometric tracking inherent in modern VR headsets."

Staying Safe

To stay completely safe, McGladrey advises that you wait to consider joining the metaverse. Eventually, he predicts, a congressional investigation of metaverse security and privacy practices will force changes in response to the "inevitable breaches."

But social media managers, brand advocates, and early NFT speculators may not want to wait before jumping into the metaverse. Those who want to join the metaverse right away should ensure that they have enabled multi-factor authentication on their accounts to prevent the easiest type of account takeovers, McGladrey said.

In the future, the metaverse could bring its own unique threats that take advantage of the anonymity afforded by the platform. Recently, the "deepfake," one of the newest types of misinformation attacks that uses a form of artificial intelligence called deep learning to make images of fake events, was deployed during the war in Ukraine to perpetuate a false Ukrainian surrender, Virani noted.

"This same technology could be exploited in the metaverse, making it impossible to verify if you are really conversing and doing business with the human supposedly on the other side of the technology," Virani said.