Skip to content

Las Vegas Casino Scam Nets $1.2 million with a Phishing Call

Circa Casino Phishing Scam

Seems hard to believe, but the scammer got cash from an employee!

Ocean’s 11 have some competition. Turns out you don’t need a team of 11 guys, each with a distinct talent, to steal money from a Las Vegas Casino.

All it takes is a guy with a phone and a lot of confidence and boldness. Also, someone on the other side of the call (the “victim”) who seems clueless about cybersecurity. Therefore, they’re very likely to follow orders and perhaps, very gullible.

How a Crafty Scammer talked the Circa Casino into handing over cash.

In the Summer of 2023, the Circa Hotel in Downtown Las Vegas was on the short end of a $1.2 million imposter scam. The con artist actually talked an employee (who handles money in what’s called the cage) into hand-delivering over $1 million in CASH, over several trips.

Absolutely Doable and It's Free.

And the trickery worked.

Simple scam. Significant haul.

This wasn’t at all complicated, unlike the fantastical one from the 2001 movie “Ocean’s 11,” a remake of the one starring Frank Sinatra and “The Rat Pack.” This scam that struck the Circa this year, one that has grown in popularity, is a “phishing scam.”

In this case, as with all business phishing scams, the real victim isn’t the fooled employee; it’s the company they work for.

It was the business they worked for… the Circa Hotel.

Phishing scam + imposter scam = success.

Here is what’s known about the Circa Casino phishing scam:

  • The scammer, a 23-year-old male, did enough homework in advance to get the name—and other information—of the CEO of the Circa Hotel.
  • The scammer likely also did enough research to get the name of someone at the hotel who worked in the casino cage (where they keep all the cash).
  • The scammer simply picked up his phone and pretending to be the CEO, talked to an employee working inside the cage. 

The request (the scam).

What lie did the Circa Casino employee believe…and do?

The story the scammer gave the employee was that Circa needed to buy fire equipment. The CEO impersonator told the cage employee that cash was needed immediately to pay for emergency fire equipment. And that the equipment was necessary because a fire department inspection had found violations.

Of course, none of that was true.

  • The total amount needed would be over $1 million.
  • The CEO impersonator had the employee make four different trips, at different times and days, to deliver the cash. (Evidently, the scammer had an accomplice…a pretend lawyer.)
  • The employee was able to leave the cage where the money was stored on four different occasions…each time with around $300,000 in cash!

The scammer, who has been caught and is even suspected of committing similar crimes at other casinos outside of Las Vegas, used a classic “phishing” tactic. In this case, he used a phone call first, followed by text messages.

How phishing works.

The scammer uses social media and other platforms to gather information on an executive. It’s not as difficult as you might think. After he has compiled a profile of someone important, the con artist targets a different employee at the same company—one who has some ability to make money decision either on their own or on behalf of the boss.

When a con artist specifically targets a con artist, that’s spear phishing

Phishing in Lake Casino.

According to people who are investigating these types of crimes, the target of the scammer (who is always a male) targets an employee who is typically always a woman. (Cybersecurity experts simply say, “that’s just the way it goes.”)

Then the phishing scam follows its pattern, but two things have to happen to make the scam work:

  • The employees hear enough factual information and that the callers are who they say they are.
  • The duped employees feel it’s their duty to carry out the task “the executive” commands them to do.

Unbelievable, shocking…yet successful.

“Simply unbelievable.”

A casino security consultant named Willy Allison, who runs a major conference for the gaming industry, reached out to security directors at other casinos to pass along the story about the Circa.

Those security executives Allison couldn’t believe the true story, and were naturally worried about the same crime happening to them.

When Allison explains the crime in simple terms, it is quite hard to believe it worked.

“An employee in the cage can walk out with $300,000, meet a guy she doesn’t know, and give him the cash? As an ex-surveillance guy who lives and breathes internal controls and procedures, I say there are a lot of gaps to fill in. From the outside, you say, ‘how can that happen?’”

Allison is also worried that technology, innovation, anonymity  and sheer boldness on the scammers’ part is a dangerous trend. On the casinos’ side, complacency is the problem.

He sees the Circa swindle as ridiculous.  “Statistics show every year that casinos are candy stores for robberies,” Allison rants. “Now we’ve gone to the next level where you don’t even have to go into the casino to rob it. You can just call, like for a pizza, and they’ll bring the money to you.

That’s hilarious.”

How phishing scams dupe their victims

Not enough people are aware that phishing actually exists. One estimate says that more than 150 million phishing emails go out daily, with 80,000 people becoming victims. Don’t be one of them. Learn how to spot them and avoid falling prey. Read our 6 tips for avoiding phishing scams.

Related Articles

  • All
  • Easy Prey Podcast
  • General Topics
  • Home Computing
  • IP Addresses
  • Networking Basics: Learn How Networks Work
  • Online Privacy
  • Online Safety
Michael Buraimoh talks about the signs of grooming that everyone should know.

Recognize the Signs of Grooming to Protect Your Child Online

Many parents assume that grooming is something that happens to other kids, not theirs. But that assumption…

[Read More]
Penetration testing is a proactive and systematic approach to evaluating the security of an organization's information systems, networks, and applications.

Why Penetration Testing is Crucial for Effective Cybersecurity

In an era where cyber threats are a constant risk rather than a possibility, businesses cannot afford…

[Read More]
Fake charity scammers may employ high-pressure tactics, such as claiming that immediate action is required or that disaster victims are in desperate need of help.

Flood Victims: Be Aware of Online Scams

It’s not something anybody wants to think about it, but it’s true: scammers prey on people who…

[Read More]
How to know your operating system

How to Check Your Operating System Version: A Comprehensive Guide

Knowing the specific version of your operating system (OS) is crucial for a variety of reasons. The…

[Read More]
Philipp Pointner talks about the evolution of digital identity.

How Digital Identity will Change Being Online

We all know how it works: If you need to prove your identity for some reason, you…

[Read More]
It's important to understand that you are subject to Google's terms of service and privacy policies.

Am I losing the rights to my image by uploading to Google Lens?

Google offers various services that allow users to upload images, including Google Photos, Google Reverse Image Search,…

[Read More]