The $1.2 Million Vegas Casino Scam: A Phishing Heist

Ocean’s 11 have some competition. Turns out you don’t need a team of 11 guys, each with a distinct talent, to steal money from a Las Vegas Casino. All it takes is a guy with a phone and a lot of confidence in his real crazy scam and boldness. Also, someone on the other side of the call (the “victim”) who seems clueless about cybersecurity. Therefore, they’re very likely to follow orders and perhaps, very gullible. How a Crafty Scammer talked the Circa Casino into handing over cash. In the Summer of 2023, the Circa Hotel in Downtown Las Vegas was on the short end of a $1.2 million imposter scam. The con artist actually talked an employee (who handles money in what’s called the cage) into hand-delivering over $1 million in CASH, over several trips. And the trickery worked. This wasn’t at all complicated, unlike the fantastical one from the 2001 movie “Ocean’s 11,” a remake of the one starring Frank Sinatra and “The Rat Pack.” This scam that struck the Circa this year, one that has grown in popularity, is a “phishing scam.” In this case, as with all business phishing scams, the real victim isn’t the fooled employee; it’s the company they work for. It was the business they worked for… the Circa Hotel. Phishing scam + imposter scam = success. Here is what’s known about the Circa Casino phishing scam: The request (the scam). The story the scammer gave the employee was that Circa needed to buy fire equipment. The CEO impersonator told the cage employee that cash was needed immediately to pay for emergency fire equipment. And that the equipment was necessary because a fire department inspection had found violations. Of course, none of that was true. The scammer, who has been caught and is even suspected of committing similar crimes at other casinos outside of Las Vegas, used a classic “phishing” tactic. In this case, he used a phone call first, followed by text messages. The scammer uses social media and other platforms to gather information on an executive. It’s not as difficult as you might think. After he has compiled a profile of someone important, the con artist targets a different employee at the same company—one who has some ability to make money decision either on their own or on behalf of the boss. When a con artist specifically targets a con artist, that’s spear phishing . According to people who are investigating these types of crimes, the target of the scammer (who is always a male) targets an employee who is typically always a woman. (Cybersecurity experts simply say, “that’s just the way it goes.”) Then the phishing scam follows its pattern, but two things have to happen to make the scam work: A casino security consultant named Willy Allison, who runs a major conference for the gaming industry, reached out to security directors at other casinos to pass along the story about the Circa. Those security executives Allison couldn’t believe the true story, and were naturally worried about the same crime happening to them. When Allison explains the crime in simple terms, it is quite hard to believe it worked. “An employee in the cage can walk out with $300,000, meet a guy she doesn’t know, and give him the cash? As an ex-surveillance guy who lives and breathes internal controls and procedures, I say there are a lot of gaps to fill in. From the outside, you say, ‘how can that happen?’” Allison is also worried that technology, innovation, anonymity  and sheer boldness on the scammers’ part is a dangerous trend. On the casinos’ side, complacency is the problem. He sees the Circa swindle as ridiculous.  “Statistics show every year that casinos are candy stores for robberies,” Allison rants. “Now we’ve gone to the next level where you don’t even have to go into the casino to rob it. You can just call, like for a pizza, and they’ll bring the money to you. That’s hilarious.” Not enough people are aware that phishing actually exists. One estimate says that more than 150 million phishing emails go out daily, with 80,000 people becoming victims. Don’t be one of them. Learn how to spot them and avoid falling prey. Read our 6 tips for avoiding phishing scams.