Microsoft published an article on the Metaverse and security. In the article they talked about identity being the first priority and how fraudsters might phish in the Metaverse will not be any of the old ways.
From the article:
Identity is where intruders strike first
For years fraudsters have claimed to be deposed princes with fortunes to share, or sweepstakes hosts desperately trying to reach you, but the advent of email and text messaging re-franchised these schemes for the digital world.
Play this forward, and picture what phishing could look like in the metaverse. It won’t be a fake email from your bank. It could be an avatar of a teller in a virtual bank lobby asking for your information. It could be an impersonation of your CEO inviting you to a meeting in a malicious virtual conference room.
This is why solving for identity in the metaverse is a top concern. Organizations need to know that adopting metaverse-enabled apps and experiences won’t upend their identity and access control. This means we have to make identity manageable for enterprises in this new world.
Constructive steps include making things like multi-factor authentication (MFA) and passwordless authentication integral to platforms. We can also build on recent innovations in the multicloud arena, where IT admins can use a single console to govern access to multiple cloud app experiences their users rely on.