Stayed At An MGM Property? Here’s How The Cyberattack Affects You
A cyber attack viscously targeted MGM Resorts International this past week, causing many operational systems to malfunction or to shut down.
According to an article by cybersecurity publication Dark Reading, people were unable to get into their rooms with the electronic keycards, gambling machines were down, and social media showed people in pain-staking lines waiting to check in or out from the hotels. Along with that, every “cash out” on the video machines — think of slots, video blackjack, etc. — had to be hand-paid out by an employee because no cash vouchers were available.
On Sept. 11, MGM resorts issued a statement saying, “MGM Resorts recently identified a cybersecurity issue affecting some of the Company’s systems. Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain system.”
After that, MGM released another statement a few hours after its initial one. This statement said, “Our resorts, including dining, entertainment and gaming are currently operational, and continue to deliver the experiences for which MGM is known.”
However as of Wednesday, the websites for MGM Resorts International and the accompanying properties were still down.
According CyberNews.com, there has been information that ransomware group ALPHV/Blackcat are the ones allegedly responsible for this cyberattack.
A post on X (formerly Twitter) by ransomware and malware collective vxunderground said, “All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation.”
There hasn’t been official confirmation from MGM whether or not this was a ransomware attack. But, Dark Reading’s article states that the widespread outages and distributions are pointing toward evidence of this being a coordinated ransomware attack. But, there are still other reasons why this could have happened.
What To Do If You Stayed At An MGM Property
If you stayed at any MGM property in the past few months like the New York-New York Hotel & Casino, The Luxor, ARIA Resort & Casino, Bellagio Hotel & Casino, MGM Grand, Park MGM and more then this cybersecurity issue may affect you.
It’s unclear how much or even IF the attacks caused a massive data breach. In a statement issued to Fox 5, MGM said it took prompt actions to “protect our systems and data.”
A video from loved Las Vegas-content creator VegasStarfish said that some guests are reporting strange charges on their credit card.
For those who may have stayed at an MGM property currently or in the past, be sure to pay attention to your credit card transactions.
According to the National Cybersecurity Alliance, it’s important to keep monitoring these financial records. Even platforms like Paypal, Zelle, Venmo, etc. can be compromised.
“Use credit cards whenever possible, because you won’t be liable for fraudulent charges,” The National Cybersecurity Alliance said.
Also if you have rewards and an account connected with BetMGM or MGM Rewards then pay attention to any information, emails and passwords that are connected with those applications.
If sensitive information has been leaked, you will most likely receive some sort of warning or communication (most likely an email) that tells you about a data breach. If you think your information has been compromised then immediately contact your bank. If you notice weird charges on your credit or debit card then it would probably be a wise idea to get completely new cards.
Banks, credit unions, etc. usually have resources like credit monitoring and other security measures that can help safeguard against further identity theft. Be in communication with your bank and let them know about your situation. There are fraud-protection features usually on your banking app that can help how to assess the next steps to secure your information.
Also, it’s not a bad idea to change passwords and enable two-factor authentication for apps or accounts with important information.
Overall, cyberattacks and security breaches happen more often than you would think. Don’t get “breach fatigue” and keep your security in mind when shopping, going on vacation, etc. Don’t panic if something happens. You can take preventative measure. But if it happens, it happens. Take a deep breathe and remember that everything will be OK.
10 Most Common Cybercrimes According to the FBI
1. Credit card fraud
Canva
– Total loss in 2020: $129,820,792
– Total victims in 2020: 17,614According to the FBI, “Credit card fraud is the unauthorized use of a credit or debit card, or similar payment tool (ACH, EFT, recurring charge, etc.), to fraudulently obtain money or property.” Criminals can gain access to credit and debit card information in identity theft schemes or by stealing them from websites that aren’t secure. Anyone can be targeted when it comes to credit card fraud.
A digital payment survey by American Express found 42% of consumers reported having been a victim of credit card fraud with someone attempting to use their credit card or other payment information. Protection comes with vigilance and taking steps like only purchasing from reputable sources and ensuring transactions are secure when sending credit card information via the internet. Other steps to protect yourself include not sharing credit card numbers, reviewing your monthly credit card bill, setting up text alerts on your phone so you receive reports of suspicious credit card activity, and trusting your instincts—if something appears too good to be true, it probably is.
2. Tech support fraud
Rocketclips, Inc. // Shutterstock
– Total loss in 2020: $146,477,709
– Total victims in 2020: 15,421This type of fraud can occur when a tech support scammer reaches out to offer services to protect or fix your computer. They may try to entice consumers to click on pop-ups that warn of security issues and provide a phone number to call. They may also ask for access to your computer or credit card information.
According to the Internet Crime Report 2020, at least 66% of the victims of this type of fraud were over the age of 60. The best way to protect yourself from this type of scam is to ignore pop-ups and avoid calling any numbers, restarting your computer, or clicking on any links. They could contain malware that allows scammers to access your computer or credit card information.
3. Personal data breach
Canva
– Total loss in 2020: $194,473,055
– Total victims in 2020: 45,330A personal data breach is a security breach where protected, sensitive, or confidential information is transmitted, processed, stolen, or viewed by an individual or party who is not authorized to do so. Many types of personal information can be compromised in a breach such as credit card information, email addresses, and other sensitive information. Data breaches can happen when a hacker accesses a computer and steals files, through ransomware or malware attacks, phishing scams, or denial of service.
Preventing a personal breach is possible though. Creating complex passwords and changing them frequently, setting up account alerts, using multifactor authentication, and shopping with a credit card are all helpful steps to prevent such breaches and to keep your personal information safe.
4. Real estate fraud
Canva
– Total loss in 2020: $213,196,082
– Total victims in 2020: 13,638Loan flipping is a predatory practice that happens when a lender convinces a homeowner to repeatedly refinance their mortgage, accruing high fees and points with each refinance. It is just one type of real estate fraud to watch out for. Escrow wire fraud, rental scams, moving scams, and foreclosure relief also qualify as real estate fraud.
Homebuyers and real estate agents should be especially diligent. Keep personal information secure, use licensed lenders and realtors for all transactions, never pay upfront fees for home services, and educate yourself on how to spot a scam. Be aware of anyone pressuring you to make quick decisions, and be wary of improper documentation and requests for wire transfers of large sums of money.
5. Spoofing
Canva
– Total loss in 2020: $216,513,728
– Total victims in 2020: 28,218Spoofing occurs when a cybercriminal attempts to present themselves as another person, company, or entity, such as a trusted source like a bank, to gain access to personal information or commit other malicious acts. They can do this in a variety of ways from spoofing websites, phone numbers, and email addresses to spoofing Domain Name Servers (DNS), Address Resolution Protocol (ARP), or IP addresses.
To detect website spoofing, make sure the website uses the HTTPS encryption prefix and includes a padlock, and look for errors in spelling or broken links, or suspicious contact information. Email spoofing can also be detected by looking for errors or suspicious-looking attachments or links, which should not be clicked. Protecting yourself from this type of cybercrime means remaining aware, regularly changing passwords, calling and following up before submitting personal information online, and avoiding opening attachments or clicking on links that appear suspicious.
6. Identity theft
REDPIXEL.PL. // Shutterstock
– Total loss in 2020: $219,484,699
– Total victims in 2020: 43,330Identity thieves steal personal information using various methods, including malware, social engineering, and phishing. Once they have this information, they take over the person’s identity and conduct malicious and fraudulent activities like applying for jobs, and opening credit cards and other accounts, in that person’s name.
During the COVID-19 pandemic, unemployment benefits were a target for identity thieves. There are several types of identity theft including tax, financial, medical, senior, employment, and even child. Protection comes with awareness, and there are several simple steps people can take to stay safe. Monitor your credit, use passwords that are not easy to guess and change them often, use security software on your computer, and use a digital wallet.
7. Non-payment and non-delivery scams
Canva
– Total loss in 2020: $265,011,249
– Total victims in 2020: 108,869These cyberscams were the second most reported crime, according to the FBI’s IC3. Non-delivery occurs when paid-for items aren’t received. Non-payment occurs when items aren’t paid for even though they have been shipped.
Avoid getting caught in these types of scams by securing tracking numbers when ordering online, only buying from reputable websites that utilize the HTTPS encryption prefix, being cautious when purchasing merchandise from outside your country, using credit cards to pay for things online—and making sure to always check credit card statements. Experts suggest using extra caution online during the holidays.
8. Investment fraud
Jacob Lund // Shutterstock
– Total loss in 2020: $336,469,000
– Total victims in 2020: 8,788The illegal or purported sale of financial instruments is considered investment fraud, according to the FBI. Ponzi schemes, pyramid schemes, advance fee schemes, and market manipulation are all types of investment fraud. Scammers often target elderly people—particularly older men who take risks—because they tend to have pensions and other retirement plans, according to a research study by AARP. Affinity fraud is another type of investment scam that targets members of specific groups like ethnic or religious communities.
To protect yourself and your investments, do your research and only work with companies and professionals that are legitimate. When dealing with countries outside of the one you live in, be cautious, make sure to understand terms and conditions, and do not be afraid to ask questions.
9. Confidence fraud
GaudiLab // Shutterstock
– Total loss in 2020: $600,249,821
– Total victims in 2020: 23,751Confidence fraud finds a scammer assuming an online identity to befriend someone or forge a personal connection. The scammer can gain the victim’s trust over months or years before attempting to access their bank account or other personal information, or ask them for money or gifts. One such scam involves an offer of free money. Elderly people are a common target for such scams, according to the FBI, who believe that this may be due to their trusting nature, their potential financial savings, and the fact they often don’t report the crime because they don’t know how to or they are ashamed.
Never give financial information to anyone you haven’t met face-to-face or whom you’ve only met online, and take the time to check out whether the person connecting with you is legitimate. One way to do this is by performing a reverse image search on photos.
10. Compromised email
Canva
– Total loss in 2020: $1,866,642,107
– Total victims in 2020: 19,369Weak passwords, clicking on malicious links, or downloading a file or app you shouldn’t can lead to a compromised email—as can phishing scams or forgetting to log out on a shared computer. A hacked email also increases the risk for other types of fraud like credit card or bank account fraud or identity theft. Once your email is compromised, hackers can take over and log you out of your own email or use your email to send spam or other malicious content to your email contacts or to access accounts.
Criminals target both businesses and individuals in this type of scam, but there are several steps to prevent a compromised email. Make sure to log out of your email account everywhere, especially on public computers. Block phishing and spoofing attempts by typing a website’s URL instead of entering through an email link, use caution at public hotspots, and don’t log into email or other unsecured sites. Additionally, never open email attachments that appear suspicious or that are from people you do not know.
