Missouri marijuana businesses targeted by phishing scam

Missouri marijuana businesses targeted by phishing scam

Missouri marijuana operators and adjacent businesses have been targeted by phishing scams in recent weeks, with fraudulent emails impersonating some of the state’s most recognizable cannabis companies.

The emails, which claim to contain instructions for payments or inventory updates, appear to originate from active email addresses but often contain formatting inconsistencies and unusual language. Some variations reference working with Canadian companies, adding to the confusion for recipients.

One such email, sent Wednesday, appeared to come from Good Day Farm. Industry professionals have been advised not to open these emails, quarantine them immediately, and report any incidents to their IT departments.

   

Protecting businesses from phishing attacks

Cybersecurity experts warn that phishing scams targeting the cannabis industry are on the rise, as operators handle high-value transactions and sensitive data. Businesses can take several steps to protect themselves from these threats:

  • Verify email authenticity: Before opening attachments or clicking links, confirm the sender’s identity by reaching out to them through an official channel.
  • Look for red flags: Poor grammar, formatting inconsistencies, and unexpected requests for payment or sensitive information are common phishing indicators.
  • Enable multi-factor authentication (MFA): Implementing MFA on email and business accounts adds an extra layer of security, making unauthorized access more difficult.
  • Train employees on cybersecurity: Regularly educate staff about identifying phishing attempts and handling suspicious communications.
  • Report and quarantine threats: If a suspicious email is received, do not engage with it. Quarantine the message, report it to IT security teams, and alert other employees to prevent further spread.

As phishing scams continue to evolve, Missouri cannabis operators should remain vigilant and proactive in safeguarding their businesses against cyber threats. Ensure staff is aware of potential threats and how your company handles individual incidents.