Las Vegas Metro Police have made an arrest in connection with the alleged theft of $750,000 from Sam’s Town Hotel and Gambling Hall last year using social engineering tactics. On August 2, authorities took Rosa Barria into custody for her alleged involvement in a scheme to convince a casino employee to give her the money under false pretenses.
The incident allegedly occurred on June 8, 2023, over a year before Barria’s arrest. Around the same time, a string of similar scams led the Nevada Gaming Control Board to issue a warning to all casinos about the threat of social engineering scams in the state and nationwide.
Social engineering is a deliberate manipulation technique that tricks people through deception and social pressure. In a typical social engineering scheme, the perpetrator impersonates a person in a position of power over the victim, such as a senior executive. That strategy aims to make the victim hesitant to refuse requests or ask questions. Ultimately, the goal is to persuade the victim to do something the attacker wants. That might include revealing sensitive information or, in this case, handing over cash.
The Alleged Sam’s Town Casino Scam
Per the Las Vegas Review-Journal’s summary of the Las Vegas Metropolitan Police Department’s arrest report, a casino cage supervisor received a phone call at around 1 a.m. from someone claiming to be the casino’s IT director. The caller told the supervisor they needed the money to pay for a UPS delivery and that her immediate supervisor would contact her to confirm. Soon after, the employee received text messages from someone she believed to be her boss and put the money in a box as requested.
Around 2:45, the cage supervisor left the casino and headed to a North Las Vegas Mexican restaurant, where she met a man and a woman. She gave the money to the woman, whom she believed to be a Sam’s Town attorney. While driving back to the casino, she began to think she might have been the victim of a scam and informed casino security.
The police couldn’t identify any suspects until investigating a similar incident at a convenience store in September 2023. Following his arrest, a store employee told police that Rosa Barria, a relative of his, and a man had directed him to receive delivery of a box and bring it to a house in North Las Vegas. Police showed the employee images of the suspects in the Sam’s Town case, and the employee identified Barria as the woman in the pictures.
Multiple Social Engineering Attacks on Casinos in 2023
The Sam’s Town arrest is just one of several apparent social engineering attacks on casinos last year. At about the same time as the Sam’s Town incident, Las Vegas police arrested Erik Gutierrez for his alleged involvement in a similar incident. In that case, a Circa casino employee allegedly handed over $1.17 million to someone pretending to be the hotel owner. Similar incidents involving six-figure sums targeted a Colorado commercial casino and a Michigan tribal casino.
However, the most notable instance of social engineering that year was the September cyberattack on MGM Resorts International and Caesars Entertainment. Although those attacks involved malware, social engineering was allegedly the initial attack vector. The perpetrators are said to have called help desk employees and tricked them into providing the high-level systems access necessary to install the malicious software.
Caesars suffered minimal disruption but paid a ransom to the attackers, which was said to be $15 million. In MGM’s case, the attack resulted in some systems being offline for over a week. The company told the Securities and Exchange Commission the attack cost it about $100 million in lost profits and almost $10 million in direct expenses.
Two hacker groups were allegedly behind the attack. The first, Scattered Spider, is believed to be responsible for the social engineering component. Another, ALPHV, claimed responsibility for the ransomware. European authorities have arrested two suspects this year in connection with the attack, both alleged Scattered Spider members.
Casinos are popular targets for social engineering and hacking attacks due to their ample cash on hand and numerous potential entry points. Most of those weaknesses involve human fallibility and insufficient employee training.
According to the 2024 Verizon Data Breach Investigations Report, 68% of security breaches involved a human element. Most of these fall into the social engineering category. One classic ploy is for hackers to contact a company’s IT help desk and convince staff to reset administrators’ multi-factor authentication (MFA). Doing that would, for instance, provide a way to gain the necessary access to carry out an attack similar to the one against MGM and Caesars.