The Nevada Gaming Control Board (NGCB) has issued a warning to all casinos in the state about a recurring scam happening in Nevada and nationwide. The scam is a social engineering ploy targeting casino cage employees, with the most serious known incident to date having cost the targeted casino $1.17 million.
The NGCB bulletin does not mention where that incident occurred. However, the value matches news reports of an instance of alleged fraud at Circa Resort & Casino in downtown Las Vegas.
According to NGCB, the criminals impersonate high-ranking casino executives. “Social engineering” is a premeditated form of manipulating people through social pressure. Impersonating someone in a position of authority is a common ploy, as it makes the victim hesitant to ask questions or refuse requests. The goal of social engineering is to trick the target into performing a desired act, such as revealing sensitive data or, in this case, handing over cash.
The fraudsters would allegedly instruct cage employees via PBX call (internal telephone system) to withdraw cash from the casino cage. A text message to the employee’s personal phone would often follow the call.
The message would supposedly be from a second supervisor confirming the instructions. The employee would be asked to take the cash offsite for supposed emergency payments on behalf of the casino.
According to NGCB, the scam is highly sophisticated and has been successful in defrauding casinos. To make the story convincing, scammers first gather information about the casino’s owners, executives, employees, and managers involved in financial operations.
They exploit this information to manipulate cage employees by instilling fear of negative consequences for refusal while emphasizing the supposed urgency of the offsite payment. They may also offer the employees a bonus for performing the unusual task. This sort of carrot-and-stick approach is also a common feature of social engineering schemes.
Casinos Advised To Revisit Security and Educate Staff
The NGCB warned that the scam is constantly evolving. Investigators have noticed a shift in tactics by the scammers to target gaming pits and other casino areas.
The board strongly advised all casinos to review their security protocols about removing cash from the premises. The board also urged casinos to educate all relevant personnel, including cage cashiers, supervisors, managers, surveillance, security, and gaming pit staff, about this type of fraud.
Furthermore, NGCB added that the technology used by scammers is improving, so its effectiveness could be higher. That’s why casinos must evaluate if changes in security protocols might be necessary to avoid further incidents.
Las Vegas Police Make Arrest in $1.17 Million Incident
A few weeks before NGCB’s communication to casinos, Las Vegas Metro Police made an arrest connected to the $1.17 million incident mentioned in the memo.
According to court documents, on June 17, Las Vegas Metro Police responded to a report of a potential scam at the Circa Resort & Casino.
The hotel’s security office reported that an unidentified individual had contacted the casino cage. He pretended to be the hotel’s owner and requested $320,000. The money would ostensibly be for an emergency payment to the fire department.
During the police investigation, the cage supervisor stated that they had received a phone call from someone claiming to be the hotel owner. This person informed the supervisor that the fire department needed to inspect the fire extinguishers. The money requested would be for additional safety devices.
Believing that they were speaking to the hotel owner and texting their manager, the cage supervisor handed over the money in four separate transactions at different off-site locations.
The total amount paid was $1,170,000, consisting of payments of $314,000, $350,000, and $500,000, along with three smaller deposits.
The following day, officers arrested a man by the name of Erik Guttierez, who was charged with theft over $100,000. Police later recovered $850,000, but what happened to the rest of the sum was not mentioned.
Social Engineering Scams Occurring Across the Country
NGCB’s warning comes after an increased number of social engineering scams across the country. One notable example includes the biggest casino theft in Colorado’s history. On Mar 12, police arrested a casino employee for stealing $500,000 from the vault of Monarch Casino in Black Hawk, about 30 miles west of Denver.
Sabrina Eddy, a cashier at the casino, was arrested in the case. She claimed she did nothing wrong and was a victim of a social engineering scam. Eddy said she received a call from the head of operations. Then she got a text from a cage supervisor to take the money to a hospital in Denver.
Commercial casinos are not the only victims of scammers.
In a memo sent last week, the National Indian Gaming Commission echoed Nevada authorities. The commission shared similar bits of advice and warnings and used an example from a tribal casino. In that case, the scammer presented themselves as a tribal official.
They requested that the casino employee remove a large sum from the casino’s vault. Then, the victim would deliver and deposit the cash to a Bitcoin kiosk nearby. The victim would then send the generated QR code from the transaction to the scammer. The scammer requested that the victim be on the phone during the whole process.