The Nevada Gaming Control Board late Friday released a warning to casinos alerting them to an increase in cybersecurity incidents in the state.
The notice issued by the Board from the Governor’s Technology Office follows the recent cyberattack against Wynn Resorts, in which the operator said employee information was obtained by hackers. The notice said incidents, including phishing and voice phishing, also called vishing, have been observed across organizations and critical Nevada industries.
Cybersecurity was a major focus of last week’s World Game Protection conference in Las Vegas. An FBI cybersecurity expert even warned casinos to be vigilant against attacks.
Phishing typically uses deceptive emails, texts, or links to trick someone into revealing credentials, financial information, or other sensitive data, according to the notice from Adam Miller, deputy director for the Office of Information Security & Cyber Defense within the Governor’s Technology Office
Vishing uses phone calls or voicemail to create the same pressure, often by impersonating a trusted organization, executive, vendor, or technical-support contact.
“In light of this activity, all staff are encouraged to heighten cyber awareness and remain vigilant in daily operations,” Miller said. “This is especially important when handling requests involving account access, password resets, wire transfers, changes to payment instructions, sensitive records, or any action that relies on identity verification. Please do not take shortcuts in authentication or verification processes. A request that appears urgent, routine, or familiar may still be fraudulent. Attackers often rely on urgency, impersonation, and human trust to bypass normal controls.”
The notice recommended several actions to be taken immediately.
• Reconfirm internal procedures for verifying unusual or high-risk requests.
• Require staff to use known contact information, not call-back numbers or links provided in a
suspicious message.
• Verify requests for payments, credential resets, or sensitive data through a second independent channel.
• Reinforce with staff that urgency is not a reason to bypass established controls.
• Review multi-factor authentication settings and strengthen them where feasible.
• Encourage prompt internal reporting of suspicious emails, calls, texts, and unusual login or account activity.
Among reminders for staff, the notice said be cautious with unexpected emails, text messages, and attachments; do not click links or open files unless you are confident the message is legitimate; be wary of callers who pressure you to act immediately, keep a request secret, or override normal approval steps; never share passwords, MFA codes, or account recovery information by email, text, or phone; and when in doubt, stop, verify, and escalate.
