The possibilities of metaverse come with their attractions. But they will also have significant consequences for cybersecurity and fraud. In the next 5 years we will inevitably move to the meta-verse. Businesses will thus have to focus on security and regulatory issues. They must ensure that end users are protected against metaverse fraud.
Invented by science fiction writer Neal Stephenson over 30 years ago, ‘the meta-verse’ is 2022’s biggest buzzword. It is a focal point for a ‘cyber world’ where we will use a ‘digital identity’ to work and interact socially. Metaverset has managed to attract big brands like Epic Games, Microsoft and Apple. Most notably, Facebook renamed Meta and invested $ 10 billion in the project.
However, new technologies are often associated with high levels of risk. And the meta-verse is no exception. Scammers have already begun to take advantage of this new online universe. We explain some of the metaverse scams that can occur.
Examples of metaverse scams and scams
Any organization that offers crypto-based services and individuals that venture into the metaverse and the broader adjacent crypto ecosystem are faces various risks. Many of the issues discussed below have existed before crypto even existed, in virtual worlds such as The Sims, World of Warcraft and Second Life.
Account Acquisitions (ATO)
Account Acquisition is a form of online identity theft. A cybercriminal gets illegal unauthorized access to an account belonging to another. We can cite traditional methods such as fishing to access accounts that contain currencies or NFTs.
The crypto is known for its transparency due to blockchain’s open journal information. However, once a transaction is made, it is almost impossible to undo it.
Metaverse and multi-account scams
Scammers can seek that create multiple accounts on a particular metavers platform for money laundering or attempt to abuse campaigns.
Metaverse scams and fake reviews
False reviews damage the brand’s reputation massively. For example, a targeted attack by fake reviews via bots can easily scare consumers and lead to decrease in the price of a token.
Influencer and Affiliate Fraud
A famous example of crypto influencer fraud case the stories of celebrities like Elon Musk and Jeff Bezos hacked as part of a bitcoin scam. A similar thing could take place in the metaverse.
Managing assets online, even in digital format, makes room for typical scenarios seen in the e-commerce industry. To quote only chargebacksreimbursement and other settlement disputes.
The unregulated nature of NFTs and cryptography can promote fraud schemes in larger markets. They can also generate issues of copyright and intellectual property.
Users often trade tokens without actually engaging in the platform itself to make money. The carpet pulls and the honeypot scam is something to be wary of.
Carpet cover or carpet cover
New technology brings opportunistic bad actors, perhaps the most famous is a digital token inspired by the Netflix series Play squid which was introduced as a metavers play-to-earn game. SQUID digital currency turned out to be a complete scam. It lost all its value almost instantly, the developers are fleeing by all means.
Metaverse scams and data breaches
Email hacking is a global problem. As technology becomes more and more accessible, metaverse platforms need to ensure the protection of their users’ data so as not to not lose consumer confidence.
Cisco Talos Intelligence Group: Metaverset already creates new opportunities for cybercriminals
A new type of cyber attack is addictive smart contracts that runs automatically when certain conditions are met. In theory, smart contracts guarantee that a buyer will receive a digital asset like an NFT when they submit payment. But scammers created malicious smart contracts who do not do what they say they do.
“We see malicious smart contracts where they requires you to approve a transaction. But in fact, you are running a feature that provides a third party access to all tokens and cryptocurrency in your wallet “, said Jaeson Schultz, Technical Manager of Talosone of the largest commercial threat intelligence teams in the world.
“It’s very easy for people to fall into the trap. In fact, very few people will take the time to read the smart contract, even if it is published ”.
Talos researchers also saw cybercriminals mimic trusted brands. Then they get people to spend money. For example, an Ethereum user claimed domain names like wellsfargo.eth. This can open the door to scams where they mimic these brands to cheat people. And because the blockchain architecture is decentralized without a single administrator, there is none no possibility to return these domains to their rightful owners.
What solutions to stop metaverse scams and scams?
Fraud prevention is one constant struggle. In fact, scammers will always try new methods of cheating companies and people. But there are some things platforms can do to block scammers before they have a chance to test the new frontier.
Browser and device fingerprint
Be able to identify the device configuration from anyone can see emulators, virtual machines and bots. Invisible devices should be another indicator of potential risk. With more hardware in use, including VR headsets, computers and mobile phones, you know the devices, client location and configuration can be a very simple way to spot misalignments and potential risks.
Digital fingerprint analysis
Viewing a user’s digital fingerprint is especially useful when users sign up. By simply using an email or a phone number, companies can check the validity of accounts. In fact, most honest users will have some form of online footprint, whether it is presence on social media or activity on the web platform.
Find out the IP address of an honest user identify an incompatibility should immediately trigger an alarm signal.
Dual approval (2FA)
Some services may require two-factor authentication requirements in case of discrepancy. This adds friction, but protects users better in certain situations.
Metaverse creators should offer users ability to link offline identities to their metaverse by leveraging modern identity verification technologies. This will ensure that people have the opportunity to confirm to the meta-world that they are who they say they are. That facial biometrics is an effective solution to this problem. In fact, the technology can verify a person during registration and improve the ongoing authentication.
At the same time is detection of liveliness is also significant. When a person’s selfie is paired with an image on their registered ID or biometrics, the liveliness checks to see if they are actually there, and not just a person with a screenshot.
AI’s power to detect scammers has been proven. New research shows that computers are much better than humans at identifying whether a face is real or a parody. With Research SuperCluster (RSC)an artificial intelligence supercomputer, reportedly up to 20 times faster than existing supercomputers, Meta has enough power to support hyperscale biometric technology during the registration process.
They should also channel this power into technologies that will enable them to do so moderate content in scale and to authenticate users through their passage through the metaverse.
The multi-layered defense
The best way to prevent fraud and scams in the meta-verse is to stay ahead with a multi-layered defense. It has to be business leaders aware of ever-changing rules and new attacks to provide adequate protection.
Thanks to innovative technologies such as that machine learning and artificial intelligence, the wealth of data available to businesses can help identify and stop threat actors through device fingerprint, two-factor authentication, and fast, hassle-free user fingerprint scanning. Leaders need to stay diligent with a focus on risk management. The transition to the new online world can only happen smoothly if you remain aware of the risks.
About smart contracts
Jaeson Schultz, mentioned above, recommends people or companies to do business in the metaverse Avoid sharing information about the assets they ownwhich could make it a target for scammers.
“Buyers should too read smart contracts carefully before signing them “, he added. Ideally, people who perform transactions should transfer the exact amount of cryptocurrency to a separate wallet instead of connecting to their primary wallet.
There is a lot of hype and opportunities on the metaverse. And metaverse companies can make a lot of money and completely change the way we socialize.
But in their early days, it is crucial for these platforms to sfocus as much on their risk management practices as on new features. On the contrary, the general public will quickly lose confidence and therefore all interest in the metaverse.
Use of industry experience which has grown tremendously in recent years, such as eSports, iGaming and cryptography, should help these companies understand the typical risks associated with new technologies who accept alternative payment methods.