Phishing attacks are increasing in frequency and sophistication across Missouri’s cannabis industry. What began as fraudulent emails impersonating trusted companies has escalated into more aggressive and dangerous tactics. Last week, one dispensary’s website was compromised and began actively redirecting visitors to malicious domains containing malware.
At the same time, a new wave of phishing emails targeted licensees across the state. The messages appeared to originate from verified senders at legitimate company domains, including some of Missouri’s most recognized cannabis operators. In several cases, the sender addresses were nearly identical to official email accounts, while others appeared to come directly from actual company servers.
One operator told Greenway that although the phishing emails looked like they were sent from their server, their IT team confirmed the messages were not transmitted through any of the company’s systems. The addresses had been spoofed: the attackers falsified the sender information to mislead recipients and gain access to sensitive data or login credentials.
These simultaneous attacks, through both infrastructure and email, demonstrate a coordinated shift in the tactics used by cybercriminals, targeting high-value businesses in a rapidly growing market.
Recent phishing scams have employed increasingly advanced social engineering techniques. Messages often mimic real vendor communications, invoices, or regulatory notifications. Some contain links to login portals or attachments that, when opened, install malware or harvest passwords.
“Attackers are getting better at making their messages look real, impersonating licensees, vendors, even regulatory agencies,” a cybersecurity consultant told Greenway. “Now we’re seeing infrastructure attacks compromising websites and redirecting traffic, and at the same time, phishing emails coming from addresses that look identical to real cannabis businesses.”
Red flags to watch for
- A website suddenly redirecting to an unfamiliar domain
- Emails from slightly altered company domains, such as using .co instead of .com
- Messages requesting login credentials, payment detail changes, or urgent wire transfers
- Fake login pages mimicking METRC, business email, or banking portals
Updated cybersecurity practices for Missouri operators
1. Monitor your website integrity
Use website monitoring tools like Sucuri, UptimeRobot, or Wordfence to detect malware, redirects, or changes in real time.
2. Implement email authentication protocols
Secure your email domains with SPF, DKIM, and DMARC records to reduce the risk of spoofed messages being delivered.
3. Secure content management systems
Keep plugins, themes, and administrative tools updated. Remove unused access and use strong, unique credentials for admin accounts.
4. Back up websites regularly
Ensure automatic, secure backups of your website files and databases are made daily and stored offsite or in the cloud.
5. Conduct phishing training
Regularly train staff to recognize phishing emails, fake login pages, and suspicious behavior. Use simulations to test awareness.
6. Deploy layered security systems
Use endpoint protection software, spam filters, and firewall configurations to detect and block malicious activity.
7. Designate a cybersecurity lead
Assign responsibility to a specific individual or team for monitoring digital threats, coordinating internal response, and maintaining protocols.
8. Report threats immediately
If your business is targeted or compromised, alert your hosting provider, IT personnel, and the Division of Cannabis Regulation. In severe cases, notify law enforcement.
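As an added illustration of step 2 (not part of the original article), the Python sketch below audits the SPF and DMARC TXT values a domain publishes and lists the settings that leave it open to the kind of sender spoofing described above. The records are constructed samples for the placeholder domain example.com, the function names are hypothetical, and DKIM is not covered.

```python
# Constructed sample TXT values for the placeholder domain example.com.
WEAK = {"spf": "v=spf1 include:_spf.example.net ?all",
        "dmarc": "v=DMARC1; p=none"}
HARDENED = {"spf": "v=spf1 include:_spf.example.net -all",
            "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"}

def parse_tags(record):
    """Split a DMARC value such as 'v=DMARC1; p=none' into a tag dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def audit_spf(record):
    """Return findings for one SPF TXT value (None if nothing is published)."""
    if not record or not record.strip().lower().startswith("v=spf1"):
        return ["SPF: no v=spf1 record published"]
    terms = record.lower().split()[1:]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls and not any(t.startswith("redirect=") for t in terms):
        return ["SPF: no 'all' term, so unlisted senders are not failed"]
    if alls and alls[-1] in ("all", "+all"):
        return ["SPF: '+all' authorizes any host to send as this domain"]
    if alls and alls[-1] == "?all":
        return ["SPF: '?all' is neutral, so unlisted senders are not failed"]
    return []

def audit_dmarc(record):
    """Return findings for the TXT value published at _dmarc.<domain>."""
    if not record:
        return ["DMARC: no record, receivers apply no policy to spoofed mail"]
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: v=DMARC1 tag missing, record is ignored"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("DMARC: p=%s asks receivers to take no action on "
                        "failing mail" % (policy or "missing"))
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append("DMARC: pct=%s applies the policy to only part "
                        "of failing mail" % pct)
    if "rua" not in tags:
        findings.append("DMARC: no rua address, so no aggregate reports "
                        "on who sends as this domain")
    return findings

def audit_domain(records):
    """Audit one domain's records, given as {'spf': ..., 'dmarc': ...}."""
    return audit_spf(records.get("spf")) + audit_dmarc(records.get("dmarc"))
```

To check a live domain, pass in the TXT values returned by a DNS lookup of the domain itself (SPF) and of `_dmarc.` followed by the domain (DMARC).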