Protect Yourself from Cannabis Licensing Scams in Maryland: What to Look For

According to a scam report posted by the Federal Trade Commission on October 6, 2023, Americans lost $2.7 billion in social media scams from 2021 to 2023. The agency also noted that most fraud cases go unreported, so this figure is only a fraction of actual harm. 

However, social media isn’t the only place to be wary. The Federal Communications Commission (FCC) released a warning in 2019 about a phone scam that starts with a postcard. In this scam, a consumer receives a postcard marked urgent, regarding a reward in their name. The consumer calls the phone number and speaks with a representative, who makes the consumer an offer that seems too good to be true: a $100 voucher for purchases at stores and restaurants in the consumer’s area. The consumer simply has to pay a small handling fee via debit or credit card.

Finally, before you say that scams only affect older people, Federal Trade Commission reports suggest that 44 percent of people losing money to fraudsters are between the ages of 20 and 29, more than double the 20 percent of people ages 70 to 79. Everyone needs to be on the lookout for scams that could impact potential social equity applicants, and ways to identify them.

This article will discuss the most recent scam to affect prospective cannabis business owners, a quick method to validate a business, and five ways to identify an untrustworthy website.

Cannabis Business Licensing Scams

As of September 2023, Marylanders in disproportionately impacted areas became the newest targets for a similar mail-based scam.The Office of Social Equity (OSE) and the Maryland Cannabis Administration (MCA) recently released a warning regarding a misleading direct outreach campaign pertaining to MCA’s upcoming licensing round. A mysterious company sent a postcard featuring the same message in English and Spanish, which featured unrealistic promises or guarantees of owning a licensed dispensary at no cost – a glaring red flag.

The MCA/OSE warning reminded Marylanders to “remain vigilant about sharing personal information with unverified entities” and once again provided the details for their technical assistance sessions. 

Cannabis-industry-related scams are not a recent trend in Maryland. As early as 2016, the state received over 20 inquiries about suspect claims from so-called cannabis businesses. Well before doctors were approved to recommend medical marijuana to patients, Marylanders were targeted by scammers offering fake medical cannabis pre-approvals and inauthentic MMJ cards.  In a Reddit post on the popular subreddit r/Maryland, locals discussed receiving “scam postcards” identical to those in the posted warning from “Green Root Cannabis Co.” as well as “Planted Cannabis.” These mailers encouraged them to enter a contest to win a cannabis dispensary license. The postcard provided a phone number with a Baltimore area code, a .org website, and a QR code.

What Happens If You Call

To be better informed, I took it upon myself to see what happens when you engage with this scam. After signing up for a temporary Baltimore phone number using a popular calling app, I dialed the number on the postcard. A robot answered, and a recorded message stated, “Thank you for reaching out regarding the marijuana dispensary licensing opportunity. Unfortunately, at this time, we are no longer accepting new applicants. However, if you are an existing applicant and wish to discuss your application, please select one of the following options to be transferred to your representative…” I tried several extensions, and none of the representatives answered the phone. 

It’s unclear how many people called to take advantage of the opportunity, but according to a Reddit user, someone was answering the phone at one point. Redditor u/Admiral-Union7324 stated they called and spoke with a woman named “MJ.” MJ wouldn’t provide her full name, claimed to be with a company in California, and said their business would pay the initial $5K application fee. u/Admiral-Union7324 tried calling back a few days later and got the same robotic voicemail that I did.

Google Search with Quotation Marks

A simple Google search can prevent consumers from providing personal information to known scammers. Before responding to any solicitation, confirm the company’s reputability by looking for other websites and sources that mention them. 

When using Google’s search function to look up a business, best practice involves the use of quotation marks. When you put a word or phrase in quotes, the results will only include pages with the same words in the same order as the ones inside the quotes. Another common suggestion is to conduct a second search with a keyword such as “scam”, “legit” or “complaints” after the company’s name.

Google Search results for “Planted Cannabis”

A quick Google search of both “Green Root Cannabis Co.” and “Planted Cannabis” were able to net results describing suspicious actions from both companies, including the Reddit post discussed earlier in this article. One of the only Google search results for “Planted Cannabis” pulls up an article describing how Utah residents received a similar postcard that prompted the Utah Department of Agriculture and Food to issue its own warning.

Five Common Signs of an Untrustworthy Website

Keeping your eyes out for some common characteristics of untrustworthy websites can help you identify those that are more likely to be a scam. It’s worth mentioning that online thieves can be experienced, and know how to convincingly falsify websites. It’s reasonable to be suspicious of websites, no matter how legitimate they may appear at first glance. 

Should you decide to visit a solicitor’s website, the following tips will help you identify a site that likely does not represent a real business.

Unsecured Websites

Online security is a significant concern today, with almost constant news of data breaches. Consumers expect businesses to implement strong security measures. If a website collects personal information from potential clients, it must protect it. One of the approaches to keeping a website secure is to use a Secure Sockets Layer (SSL) or security certificate to encrypt sensitive data, as shown above. Not only is this easy to set up on a website, but it’s also affordable. 

Seeing “https:” before a URL is only one indicator of a website’s secure protocol, but this can be spoofed. You can tell that a website’s SSL is verified when the browser displays an icon of a closed padlock in the address bar, as seen above.

No Favicon

A favicon is a small icon that acts as a visual identifier for a website. Favicons are typically the company logo and aim to help users quickly identify the websites they are visiting or those they have bookmarked.

Not having a favicon on a website does not automatically mean that it is a scam. However, it can serve as a warning sign. Scammers usually neglect to create a favicon for their websites since their main objective is to deceive users and vanish.

Sparse Website with Few Details

The websites shown on postcards from suspicious mailers, Planted Cannabis and Green Root, both redirected to the same website, one that only provided a single internal link. Both the “own green root” button on the top and the “click to qualify” at the bottom buttons went to the same page – a form asking for personal information. There are no other links or pages to navigate to on their website. 

Any company advertising business services should introduce viewers to the team behind the brand name and their credentials. This information should be easy to find, read, and digest to provide a sense of trustworthiness. Team members should also be searchable on A company that tells you very little about the business on its website is likely a scam. 

Another thing to look for is a blog page. Fly-by-night companies don’t typically put too much effort into creating a meaningful blog. If they do have a blog page, ask yourself if the content looks to be written by a human. Is it providing valuable, original information?

Poor Design

User experience (UX) matters for companies that plan to stick around! 

One example of poor UX on the Green Root website is the lack of capitalization in their company name – inconsistent with their logo.

Some other common signs of poor UX include:

  • Slow loading;
  • Inconsistent fonts or color schemes;
  • A lack of mobile-friendliness;
  • A lack of tabs or pages; 
  • Scrolling, blinking, or spinning text; or
  • Pages that are difficult to navigate.

If you notice two or more of the above characteristics, be extra cautious about providing personal information on a contact form. 

However, consumers can’t assume their data is secure because they haven’t sent it directly to the company. This point leads to our fifth and final sign of an untrustworthy website…

No Privacy or Cookie Policy

A lack of a Privacy Policy or Cookie Policy is a red flag that a website may be a scam. A Privacy Policy explains how a website collects, uses, and shares user data. A Cookie Policy describes how a website uses cookies to track user activity.

These policies are vital because they help users understand what information they are collecting and how it will be used. Though this may be a harmless oversight, scammers might avoid having these policies in place to omit details about the use of personal data purposely.

High-Quality Service Providers Matter

Are you thinking of entering Maryland’s adult-use cannabis industry? We know the process can be overwhelming. Our team is passionate about making entry into this highly regulated market clear and accessible. Whether you’re just starting or already in the business, our diverse team and strategic partners can help ease the growing pains. If you have any questions or concerns, please don’t hesitate to contact us. We’re dedicated to helping  you establish and maintain a scalable and compliant cannabis business!