The ALPHV/BlackCat group has claimed it hacked MGM after targeting one of the company’s employees on LinkedIn as part of a social engineering attack. The art of tricking human beings has been leveraged to a previously unimaginable level through the use of now ubiquitous technologies, from email to AI. In days past, the threat was from “conmen” and their “confidence schemes.” If you’ve seen the Oceans 11 films, you’ve got some idea of the high-level concepts, albeit at Hollywood levels of exaggeration. Most scams have occurred at more pedestrian levels, but the conmen still had to identify and develop individual marks and then move forward with a gullible victim. The modern conmen using social engineering can cast a net at large numbers of targets at the same time, and steal massive sums when successful.
But the basic concepts behind cyber social engineering have been harnessed by criminals since time immemorial, and against the modern gaming industry since it emerged. Over the years casinos and law enforcement have grappled with a large range of social engineering, or “confidence,” scams and still do. A recent crime against a Vegas casino makes the point.
“Downtown Las Vegas’ biggest hotel was swindled out of $1.17 million (in June) after an employee was duped into believing she was delivering bags of cash to two men at four different locations on behalf of one of the hotel’s owners,” reported the Las Vegas Review-Journal.
In social engineering terms, this would be a “fraudulent instruction” scam.