By
Jane Shaw
Senior Editor Updated: 12/30/2023
We count on Jane to inform our readers about the latest slot games in the US market. With her passion for video games and a degree in engineering, she’s our gambling tech expert. Jane’s also active in our blog section, where she tackles the curiosities and changes in the industry.
Bally’s Evansville
Bally’s Evansville, a notable casino in Indiana, has become the latest victim of an email phishing scheme. The casino was scammed out of more than $212,000, a massive financial loss for the establishment. This incident is one of many recent cybersecurity incidents in the iGaming industry showcasing the need for enhanced security.
Bally’s Evansville was a victim of a sophisticated email phishing scam, and officials at the casino alerted the Evansville Police Department as soon as they discovered what had happened. The scam began with a phone call to the casino’s executives from an individual claiming to be from a construction firm working with the casino. They informed Bally’s of a change in their work email and provided a new email address for further communications.
The scam unfolded when Bally’s Evansville received an email from this new address, including an invoice for construction work. Trusting the authenticity of the email, the casino transferred $212,671 to the bank account listed in the email. It was only later that the casino realized the entire interaction – the phone call, email, and banking details – was part of a well-planned phishing scam. The Evansville Police Department is actively investigating the case, but no further details have been released.
Bally’s Evansville is a significant player in the regional gaming market, with a 45,000-square-foot gaming floor, over 900 slot machines, various table games, and a sportsbook. It was purchased from Caesars Entertainment by Gaming & Leisure Properties, Inc. in 2011, and is now seen as a landmark along the Ohio River.
This incident at Bally’s Evansville is part of a worrying trend of cybercrimes targeting casinos. In recent months, several high-profile brands have been hit by cyber criminals. This includes the likes of MGM Resorts and Caesars Entertainment. Stake.com was also targeted by North Korean hackers. These incidents have included everything from data theft to fraud to operating disruptions – causing devastating financial loss to those involved.
For example, MGM Resorts experienced significant operational disruptions after refusing to pay a ransom to a cybergang that had infiltrated its IT systems. The FBI has even issued a Joint Cybersecurity Advisory to casinos about Scattered Spider, a cybercriminal group, urging them to employ extra security measures and improve their IT security measures. They released the advisory:
In response to recent Scattered Spider threat actors against the commercial facilities sectors and subsectors.
However, the Bally’s Evansville case differs from typical cyberattacks as it involved social engineering rather than direct hacking. It’s unclear how many employees were involved in transferring the funds, or what kind of verification checks were in place to verify the recipient of the funds.
The recent phishing scam is not the first scandal to hit Bally’s Evansville. Earlier this year, a former pit supervisor at the casino was fired and charged with operating an illegal poker room. Edward Hill, aged 53, was accused of running “Ed’s Poker Club,” which saw increased activity during the COVID-19 pandemic when the casino was closed. Hill faces multiple felony charges and is currently awaiting trial.
What’s more, in August 2023, the casino caught Shatanya Bennett, a woman on the state’s casino exclusion list, for attempting to use a counterfeit $100 bill. Bennett was charged with various offenses, including counterfeiting and cheating at gambling.
Jerry SmithApril 24, 2024Read More
Jane ShawApril 22, 2024Read More
Jerry SmithApril 20, 2024Read More
Jane ShawApril 17, 2024Read More