GanjaMask is a threat actor identified in early 2022 that leverages Google Maps to create mostly fraudulent listings of legitimate Cannabis dispensaries or fake dispensaries entirely intended to deceive consumers for financial gain.
How They Defraud Consumers
GanjaMask defrauds consumers by enticing them with fast delivery service, even in states where Cannabis delivery hasn’t been legalized. Once an order is placed, the fraud begins:
- If the website allows for credit card submission, it often declines and is likely retained for future fraudulent transactions or sale on the dark web.
- The threat actor will contact the consumer from a VoIP-based number, claiming to be the delivery driver, and ask them to submit a payment via Zelle, Venmo, or cryptocurrency for them to receive their order.
- After some time has passed, depending on the order, they may contact again saying additional money is required.
- If a consumer begins to suspect, they block the consumer or disconnect the VoIP number used in the scam, or in some cases, redirect the calls to the company they are misrepresenting.
This scam can be particularly effective for the threat actor because of the short window consumers and banks often have to recall payments made via instant payment methods. Plus, any other information collected could be re-sold on the dark web or reused for fraud at a future date. By the time consumers realize they have been defrauded and contact their financial institution, they may have no recourse.
The Impact on the Cannabis Industry
As a growing industry, the confusion around what is legal in each State or municipality, and the limits around advertising can make it difficult for consumers to confidently know who they can purchase legal Cannabis from and how.
So, consumers often turn to search engines to help them locate a dispensary. Unfortunately, since Google allows anyone to claim they operate a dispensary, it enables threat actors such as GanjaMask to create these fake listings fast. They then bolster these listings with fake reviews to improve the chance of defrauding a consumer. Some listings are even ones from defunct Cannabis dispensaries or other business accounts they were able to gain access to, then change to a Cannabis dispensary.
Once a consumer happens upon these fake listings, they feel rightfully cheated or deceived and may be less likely to trust the brand that was fraudulently represented despite it not being performed by the brand. If their consumption is largely recreational, it may dissuade them from trying again until they locate one through their daily travels. Ensuring prospective or existing consumers avoid these fraudulent listings is important for protecting the reputation of any Cannabis brand.
Google, for its part, has not been very effective in seeking to manage the problem of fake profiles or fake reviews beyond offering a way for users to report it. Even then, there is a significant effort that has to be made to take down the listing. Tools such as requesting evidence of licensure or leveraging the licensing records of various municipalities could go a long way in helping to mitigate this problem. Until then, it’s largely the various targeted brands or consumers who were scammed or identified the fraudulent listings, who are tasked with addressing this problem.
How to Spot the Typical Fraudulent Listing
A typical fraudulent listing from GanjaMask on Google Maps will attempt to leverage one or more Cannabis companies’ brands or mimics common keywords to rank as a legitimate dispensary. Here are some other things to look out for:
- There are misspellings in the information.
- There will often be an inconsistency between the display name and the website URL.
- The hours of the business are often 24 hours a day, 7 days a week.
- Always offers delivery services.
- Includes the sale of other drugs or narcotics still barred from commercial sale.
- Images posted are of generic bud pictures, or are copied from another cannabis company listing. An easy cross-verification is to review the street view of the photos.
- The fake dispensary will sometimes be adjacent to a legitimate dispensary in an attempt to overrank the real dispensary.
- Reviews are often unnatural in language, full of grammatical errors, and either never name the actual dispensary or appear to be a copy/paste of the name. They are often overly positive.
- Reviews may claim to have “visited” the dispensary but then shows shipping containers.
While a listing could surmise any number of these factors, with a little effort, it is quick to identify which are legitimate, and which are fake.
How to Spot the Fake Dispensary Websites
The fake dispensary websites are similarly easy to identify, such as the one below:
While they often change up their look depending on how long the site has been in service, and the impact they’ve had from Information Security and Law Enforcements efforts to take them offline. Here are a couple of easy identifiers:
- The images are either largely generic in natural. If they align with a brand, they often don’t align with the brand the website claims to be.
- They have a chat service.
- Text copy on the website often mentions “best delivery service” and only mentions the brand initially.
- Contact information often doesn’t match the claimed dispensary.
- They offer drugs and narcotics that are not legal for commercial sale.
- The website are largely registered through domain registrar NameSilo and use a short list of gmail.com addresses.
- Websites are often hosted offshore in Germany or another location.
How to Protect Your Customers and Patients
To help protect your customers from this threat actor, keep an active lookout for misrepresentations of your brands in search engines and map sites. Using online reputation services that monitor for typosquat domains can help you get ahead of the abuse.
Consider regularly reminding your customers on your social media channels or websites of the dangers of fake listings and work to make it easy for them to identify your legitimate listings.
If you identify fake listings on Google Maps, report them by clicking “Suggest an Edit” on the listing, for the reason indicate “Misleading“. Create a screenshot of the listing, and mark it up in Paint or your favorite Graphics Editor and include why it’s fraudulent, and then submit it with the report. It may take several attempts. In the meantime, consider adding a comment that it’s a fraudulent dispensary listing. Lastly, maintain an unmodified screenshot of the listing, and the website it directs to, and report it to the FBI’s Internet Crime Center via www.ic3.gov or to the Cannabis ISAO for reporting.
Feature Photo from Pexels by Stephan Müller.
The work done to track this threat actor has been a collective effort from various practitioners both in and out of the Cannabis industry.