The Rising Tide of Phishing in Missouri (2024–2025)
Phishing scams are on the rise across Missouri and the U.S., targeting everyone from small businesses in Chillicothe to large healthcare systems in Kansas City. In fact, for the second year in a row, email is the number one method scammers use to contact victims. Phishing emails, texts, and even phony letters in the mail are deceiving Missourians into handing over money or sensitive information. In March 2025, for example, Chillicothe police warned of blue postcards labeled “Immediate Response Needed” that pretended to be mortgage notices – an obvious phishing ploy to steal loan information. The threat is not limited to individuals: state and local government agencies in Missouri have suffered cyberattacks initiated by phishing, such as a Jackson County ransomware attack in April 2024 (one of 18 government attacks already that year).
Phishing is big business for cybercriminals. The FBI’s Internet Crime Complaint Center received over 320,000 phishing reports in 2024 – a jump from previous years. Nationwide, Americans lost staggering amounts to phishing-related fraud; imposter scams (many initiated via phishing emails or calls) cost U.S. consumers nearly $3 billion in 2024. Missouri is far from immune. One 2024 study even found Missouri had one of the highest phishing email “failure” rates (i.e. people clicking or replying when they shouldn’t): Missouri employees were tricked by 17.9% of phishing simulations, topping the charts for credential-stealing emails. Clearly, phishing scams are hitting close to home.
The good news? Many of these breaches are avoidable if people are trained to spot and avoid phishing attempts. In this post, we’ll explore the most prevalent phishing scams affecting Missouri in 2024–2025, focusing on key sectors Pinpoint Tech serves – SMBs, healthcare, education, local government, and even home users. Then we’ll outline how to train your staff (or family members) to recognize and defeat these scams.

Small Businesses (SMBs): Big Targets with Limited Resources
Phishing scams don’t discriminate by business size. In fact, small and medium businesses are often at higher risk because they have fewer cybersecurity defenses in place. Cybercriminals know SMBs may lack dedicated IT teams, making employees the last line of defense. Common scams targeting Missouri SMBs and organizations in 2024–25 include:
- Business Email Compromise (BEC): In a BEC scam, a hacker impersonates a trusted contact (like a CEO, vendor, or client) via a spoofed email account. They might request a fraudulent wire transfer or fake invoice payment. BEC scams are extremely costly – $2.94 billion was lost to BEC attacks in 2023 in the U.S., second only to investment fraud. Missouri businesses have seen BEC attempts such as spoofed emails claiming to be from a supplier or even from the “boss” asking staff to purchase gift cards. These targeted phishing emails often slip past spam filters because they contain no malware, just social engineering.
- Fake Invoices and Quotes: Scammers send phony invoice emails to accounting or billing departments, hoping an employee will pay the attached “bill” without verifying it. Alternatively, “vendor” phishing emails may ask the business to update banking details for payments – which actually redirects funds to the scammers. Busy small business offices, especially those without strict processes, can be tricked by these official-looking messages.
- Account Compromise & Data Breaches: Attackers might phish an employee’s email or Microsoft 365 login, then use that access to steal data or attack customers. Most successful cyberattacks on businesses begin with someone clicking a malicious email link or attachment. For example, a worker might open a PDF attachment titled “Urgent_review_Q1.pdf” that secretly installs malware. Once hackers have stolen a user’s password or installed malware, they can access sensitive data or even deploy ransomware.
SMBs in Missouri have been hit hard by these tactics. From local shops in Chillicothe to farms in north-central Missouri, no business is “too small” to phish. Criminals often target industries that rely on email for orders or billing, such as retail, professional services, and manufacturing. (Notably, manufacturing and retail saw a rise in phishing with malicious QR codes in 2024 – 29% of phishing emails in those sectors contained QR code links, an emerging trend called “quishing.”)
Training small business staff is crucial to fight these scams. Many SMBs have limited IT security budgets, but security awareness doesn’t have to be expensive. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) emphasizes that even simple training can dramatically reduce risk for resource-limited businesses. We’ll cover specific training steps in the “How to Train Your Staff” section, but key points for SMBs include: regular phishing simulations, clear procedures for verifying payments, and using technical safeguards like spam filters and multi-factor authentication. The bottom line is that with the right awareness, your employees can become a human firewall to protect your business.

Healthcare: Protecting Patient Data from Phishing Attacks
Healthcare practices – from small clinics to regional hospitals – are prime targets for phishing. Medical organizations hold valuable patient data (medical records, Social Security numbers, insurance info), making them lucrative for identity thieves and ransomware gangs. Unfortunately, studies show healthcare is the most “phishable” sector: in one 2024 phishing simulation report, medical and healthcare services had the highest email failure rate (12.9% of phishing emails fooled staff – about 1 in 8).
Recent phishing scams hitting healthcare in Missouri and beyond:
- Fake Medical Record Requests: In mid-2024, the Centers for Medicare & Medicaid Services (CMS) warned of a phishing scam targeting clinics’ medical records. Criminals sent fraudulent fax and email requests for patient charts, posing as Medicare. The requests often looked official – referencing “Medicare.gov” and claiming they needed records to “update insurance.” In reality, it was a ploy to steal sensitive patient info. Missouri’s Department of Health echoed this alert to rural health providers, noting telltale signs: unfamiliar fax numbers, poor grammar, and awkward logos on the request. If office staff aren’t trained to spot these signs, they could fax out private records to scammers.
- Credential Phishing for EMR Systems: Phishing emails to healthcare employees sometimes impersonate IT support or software vendors, asking users to “verify” their login or reset a password. The goal is to steal credentials for systems like electronic medical records (EMR) or patient portals. With a nurse’s or front-desk login, attackers can access a trove of patient data. Healthcare staff under pressure (e.g. during a busy Monday clinic) might click such an email if it looks urgent or threatens account closure.
- Ransomware Infections via Phishing: Many ransomware attacks on hospitals start with a simple phishing email opened by an employee. Missouri has had its share of healthcare breaches. For instance, in late 2024, a healthcare provider in Missouri (along with one in Georgia) had to notify tens of thousands of patients after hackers accessed their network – the breach was first detected on September 2, likely initiated via a malicious email. Healthcare ransomware incidents lead to downtime that can literally put lives at risk. Training staff to recognize suspicious emails can prevent that initial foothold.
Healthcare phishing can also exploit patients and the public. The Missouri Senior Medicare Patrol (SMP) frequently warns about Medicare-themed scams. These include phishing emails or calls pretending to offer new benefits or “free” genetic tests, but really aiming to steal Medicare numbers or insurance info. Medical offices should not only train their employees, but also educate patients (especially seniors) about such scams.
Tailored training for healthcare staff is essential. Front-desk receptionists, nurses, billing specialists, and doctors all should be aware of phishing risks. Key training points for healthcare include:
- Verify before you comply: Instruct staff never to release patient records or sensitive info in response to an unsolicited email or fax without verification. As CMS advises, if an unexpected request for records comes in, contact the supposed requester at a verified number or through secure portals instead of the provided contact.
- HIPAA and Phishing: Emphasize that protecting patient privacy (a HIPAA requirement) includes being vigilant about phishing. A breached account can lead to a reportable HIPAA incident. Framing phishing training as part of compliance can encourage medical staff to take it seriously.
- IT Policies: Use technical controls where possible – for example, require unique logins (no shared accounts), implement multi-factor authentication on email/EMR systems, and keep software updated. However, technology won’t stop an employee from being tricked, so continuous awareness is key. In the next section, we’ll discuss general staff training tactics that definitely apply to healthcare teams.

Education: Securing Schools and Universities Against Scams
Schools, colleges, and universities in Missouri face unique phishing challenges. Educational institutions are lucrative targets for attackers because they hold loads of personal data (students and employees) and often have aging or patchy security systems. From K-12 school districts in rural Missouri to large universities like Mizzou, the education sector has seen a surge in cyber threats. K-12 schools in particular have been plagued by ransomware and phishing. The U.S. government notes that cyberattacks on schools (including phishing and data breaches) are an “increasingly significant” problem, leading to disrupted classes, stolen data, and big financial costs for districts.
Notable phishing scam trends in education:
- Fake Administrative Messages: Faculty and staff have reported phishing emails impersonating school leadership. For example, a scam email might appear to come from a principal or university chancellor, asking the recipient to quickly buy gift cards for “student rewards” or click a link to a new policy. In one 2023 case at Washington University in St. Louis, phishers even impersonated the Chancellor via text message to trick employees. The authority of the sender makes targets less likely to question the request.
- Student & Parent Phishing: Schools also see scams targeting students or parents. Common ones include phony “job offer” emails to students (promising easy campus jobs, but really seeking bank info), or fake financial aid and scholarship scams sent to families. With the rise of remote learning, students are online more and can be phished via their school accounts.
- Tech Support and Software Scams: Educational institutions use many software platforms (Learning Management Systems, email, library systems). Scammers take advantage by sending emails that pretend to be IT support or software updates. For instance, a teacher might get an email saying “Your Office365 license has expired – login to renew,” which is a phishing site. Or, an email claims “New VPN configuration – download attachment,” which contains malware.
The consequences of successful phishing in schools range from stolen personal data (sometimes sold on the dark web) to crippling of school IT systems. Missouri schools have had incidents where systems were down for days, forcing a return to pen-and-paper attendance and disrupting learning. As one example outside Missouri, a school district’s dispatch system was down for nine days after a cyber incident – these disruptions often begin with a simple phishing email that lets ransomware in.
Training and awareness in the education sector need to extend to all staff – not just IT, but teachers, office assistants, and even bus drivers who use email. Some best practices:
- Annual and Ongoing Training: Many Missouri school districts now require annual cybersecurity awareness training for faculty and staff. But it shouldn’t stop at yearly videos; regular refreshers and phishing simulation tests help keep educators on their toes. Staff should learn the signs of phishing (unfamiliar senders, typos, urgent demands, suspicious links, etc.) and practice reporting them. The SchoolSafety.gov guidance recommends practicing good cyber hygiene like recognizing and reporting phishing attempts, and exercising incident response plans.
- Student Education: While “training your staff” is the focus, schools should also pass knowledge to students, especially older ones, about phishing and scams (in age-appropriate ways). For instance, high schoolers can benefit from short lessons on how to spot phishing emails or texts – protecting them and reducing load on IT when fewer student accounts get compromised.
- Policies and IT Measures: Enforce school policies such as not using personal email for school business, and never emailing sensitive student data without encryption. Technologically, ensure that staff email systems have spam filters and that any external email is clearly marked (many districts tag external emails with a warning banner). Encourage staff that if they see a suspicious message, they should report it to the school’s IT department immediately for analysis – better safe than sorry.
Missouri’s MOREnet (the Missouri Research and Education Network) actually provides cybersecurity training resources to member schools, including phishing simulations. Tapping into such resources can greatly improve a school’s phishing defenses at low cost. The key takeaway: in education, awareness and vigilance across the entire school community are paramount to stop phishing.

Local Government: Safeguarding the Public Sector
City and county governments, as well as other public agencies in Missouri, have bulls-eyes on their backs for phishing attacks. The stakes are high: a single employee falling for a phish can lead to city services going offline or citizen data being stolen. We’ve already mentioned the ransomware attack on Jackson County, MO in 2024 that disrupted tax payments and public records systems. Nationwide, local governments have been hit by a wave of ransomware tied to phishing, with 18 attacks on U.S. state/local governments reported in just the first quarter of 2024. Many Missouri municipal offices, from county health departments to small-town city halls, are staffed by people who wear many hats – cybersecurity may not be top of mind. Hackers see that as an opportunity.
Phishing scams and tactics in the government sector:
- Government Impersonation Emails: Ironically, scammers often pretend to be other government agencies when phishing officials or the public. A recent campaign by hacking group TA4903 targeted U.S. government employees by impersonating agencies like the Department of Transportation and Small Business Administration. They sent PDF attachments that contained malicious QR codes; when scanned, the QR code led to a phishing site mimicking an official portal, tricking victims into entering their login credentials. Local government staff in Missouri might receive an email like “Action Required: Update Your Federal Vendor Profile” with authentic logos but a fake login link. Without training, it’s easy to be fooled by the legitimacy of these emails.
- Vendor and Procurement Scams: City and county offices deal with many vendors. Phishers exploit this by sending fake bid proposals, invoices, or budget allocation messages. For instance, a county clerk might get an email seemingly from a regular supplier saying “Invoice past due, see attached”. If the clerk opens an infected attachment or enters credentials into a fake site, the attacker gains entry. Given that governments often publicly list contracts and contacts, scammers can personalize phishing content (spear phishing) to be very convincing.
- Citizens as Targets: Local governments also need to warn the citizens they serve about phishing. In Missouri, government impostor scams directed at residents are rampant – everything from fake IRS emails about “tax refunds” to scammers posing as county assessors offering property tax relief (with an upfront “fee”). The FTC reported that losses to government impostor scams nationally rose to $789 million in 2024, highlighting how common these phishing calls/emails are. Public agencies can help by pushing out fraud alerts (like many Missouri sheriff’s offices do on Facebook) so residents don’t take the bait.
Training and defense for local government staff:
Local government employees should undergo regular security awareness training just like private-sector employees. In fact, Missouri’s State Auditor in recent years has pushed for all state agencies and county offices to implement security awareness programs. Some best practices:
- Mandatory Phishing Training and Tests: Make phishing awareness a part of the job. Many government units now send periodic simulated phishing emails to staff to test and reinforce their skills. Results often show improvement over time, but also reveal who might need extra coaching. Remember, in one analysis, government agencies had an email failure rate around 10.8%, and local municipal offices 9.2% – there is room to improve through training.
- Multi-layered Security: Government IT teams should implement multi-layered defenses (as CISA and others urge). This includes technical safeguards like email filtering, attachment sandboxing, and multi-factor authentication (MFA) on accounts. But it also means having clear procedures: for example, if an email requests a money transfer or sensitive data, require that staff verify via a secondary channel. A quick phone call could stop a fraud in its tracks. Cultivate a culture where employees feel responsible for reporting odd communications, rather than assuming “IT will catch it.”
- Incident Response Prep: Given the high impact of an attack on public services, employees should know what to do if they realize they clicked a bad link. Immediate reporting can trigger incident response plans to contain damage. Regular drills or tabletop exercises can ingrain this. (Many Missouri counties learned from the Jackson County incident and are updating their response plans and backup procedures as a result.)
Local governments in Missouri must treat cybersecurity training as seriously as fire drills. The public trust and essential services are on the line, so investing in staff awareness and good cyber hygiene is non-negotiable.

Residential Clients: Phishing at Home
Not all Pinpoint Tech’s clients are businesses or agencies – many are individuals and families (residential clients) who also face phishing attempts daily. While you can’t exactly hold a formal “staff training” for your household, education and vigilance at home are just as important to avoid scams. In Missouri, some phishing and fraud schemes that have been prevalent for consumers include:
- Social Security & Government “Long-Con” Scams: In 2024, Missouri’s Senior Medicare Patrol highlighted a new hybrid scam: it starts with a fake email or text about an issue with your Amazon or PayPal account, which then leads you to a caller impersonating the Social Security Administration. The scammer claims your SSN is compromised and eventually tries to get you to transfer money for “safe-keeping” – sometimes even arranging an in-person pickup of cash or gold! This elaborate phishing/vishing combo, dubbed the “SSA long-con,” preys especially on seniors. The hallmark of such scams is an unsolicited contact that escalates into threats and urgent demands for money – always a red flag.
- Medicare and Healthcare Scams: Missourians have reported calls and emails from fraudsters pretending to be Medicare, offering free medical devices or genetic tests in exchange for personal info. Some received emails asking them to “update your Medicare details online” – a phishing site aimed at stealing Medicare numbers. Never trust these unsolicited healthcare-related communications; Medicare and legitimate insurers don’t ask for sensitive info via email or random calls. Always verify through official channels.
- Banking and Payment App Phishing: Many individuals receive phishing texts or emails saying “Your bank account is locked” or “Unusual Zelle transfer, verify now.” In north Missouri, there were reports of scam texts claiming to be from local banks with a link. Clicking the link leads to a fake login page to steal your credentials. Similarly, phishing emails appear to come from popular payment services (PayPal, Venmo) with false alerts to panic users into clicking. The goal is to harvest your login or bank card data.
- Tech Support and Utility Scams: You might see a pop-up on your home computer claiming “Virus detected – call Microsoft now!” (It’s fake), or get an email from “Ameren Missouri” warning of an overdue bill (when you know you paid). These are phishing tactics to either scare you into paying or into giving someone remote access to “fix” your device (where they will actually install malware). Missouri’s utilities and tech companies won’t randomly email you demanding instant action under threat; when in doubt, contact the company directly using their official customer service number.
For individuals, awareness is the best defense. Here are some training-style tips you can use in your own household:
- Stay Informed on Scams: Talk with your family (and especially check in on elderly relatives) about the latest scam alerts. The FTC, Missouri Attorney General, AARP, and local news sources like KCHI Radio frequently publish warnings about current scams. For instance, knowing ahead of time that “Important Notice” postcards or unsolicited loan offers are making the rounds can help you immediately toss such mail in the trash. Make it a habit to share “Did you hear about this scam?” stories at dinner – it sounds a bit paranoid, but it builds a healthy skepticism.
- Phishing Red Flags: Ensure everyone in your household who uses email or a smartphone knows the classic signs of phishing. These include urgent or threatening language, requests for personal info or payments out of the blue, misspellings or strange sender addresses, and instructions to pay via gift cards or wire transfers. No legitimate business or government agency will demand you settle a surprise debt via iTunes gift cards – that’s a sure sign of a scam (one that unfortunately has tricked many seniors). When in doubt, don’t click – verify through an official website or phone number.
- Use Security Tools: Even at home, you can implement some protections. Make sure you have up-to-date antivirus software and enable spam/phishing filters on your email accounts. Teach family members how to use a password manager and turn on multi-factor authentication for important accounts. These tools can prevent some phishing attempts from reaching you or mitigate damage if a password is stolen.
- What to Do If You’re Phished: Mistakes happen – maybe you or someone in your family clicked a bad link. Don’t be embarrassed; act quickly. If you entered passwords, immediately change them (from a clean device) and enable 2-factor auth. If you gave out financial info or see unauthorized charges, contact your bank and freeze accounts as needed. And report the scam to authorities (FTC at ReportFraud.ftc.gov, or local police if money was lost). Reporting helps agencies track scammers and warn others.
While you may not consider yourself “staff,” treating your family like a little organization that needs cyber awareness can go a long way. By staying alert and educating each other, Missouri families can avoid the phishers’ hooks.

How to Train Your Staff (and Yourself) to Prevent Phishing
We’ve seen how phishing scams are impacting various sectors in Missouri. Now, the critical question: what can you do to stop it? The answer is to train, train, and keep training your people. Effective phishing awareness training builds an instinctive skepticism in your staff (or family) so they pause and think before clicking. Here’s how to implement training and best practices, with some specific tips for different groups:
Key Training Best Practices (All Sectors)
- Regular Phishing Drills: Don’t limit training to an annual slideshow. Conduct routine simulated phishing exercises – for example, monthly or quarterly. These fake phishing emails (sent by your IT team or a service) test employees in a safe manner. If someone clicks a simulation, use it as a coaching opportunity, not punishment. Over time, simulations teach staff to second-guess strange emails. (Bonus: it keeps them on their toes since they’ll never know if an email is a test or real!)
- Teach the Hallmarks of Phishing: Ensure every employee can list the “red flags” of a phishing message. Common signs include: poor spelling/grammar, mismatched sender address (e.g. accounting@micros0ft.co instead of Microsoft.com), generic greetings, urgent threats (“act now or you’re fired/owe money”), and requests for sensitive data or payments. Also train staff to inspect links (hover over them to see the URL) and be wary of attachments from unknown senders. CISA recommends regularly reviewing the basic signs of phishing in training sessions. Make posters or cheat-sheets to reinforce these signs at a glance.
- Promote a “Think Before You Click” Culture: Cultivate an office culture where it’s not only acceptable but encouraged to slow down and verify. Phishing preys on our impulse to react quickly. Encourage employees to double-check unusual requests via another channel – e.g., if the CEO emails you for an urgent fund transfer, call them or confirm with a supervisor. Train everyone that it’s better to be overly cautious than regretful. Leadership should model this behavior by openly discussing phishing attempts and how they handled them. The goal is a vigilant workforce that approaches emails with a healthy dose of skepticism.
- Easy Reporting Channels: Make it simple for staff to report suspected phish. This could be a button in your email client (“Report Phishing”) or an email alias like phishing@yourcompany.com. Respond to these reports constructively – thank the employee and share teachable examples (anonymizing as needed). When employees see that reporting is encouraged and acted upon, they’ll be more proactive. Early reporting can drastically reduce the damage if a phishing email does slip through filters.
- Up-to-Date Threat Briefings: Designate someone (IT security officer or even an informed employee) to keep tabs on new scams relevant to your industry or area, and brief the team periodically. For instance, if there’s news of a widespread phishing email pretending to be from a local bank, shoot out a quick internal memo: “Heads up, there’s a fake bank email going around – do not click links, our bank will never ask for login via email.” These updates keep awareness fresh and relevant.
- Layered Security & Policies: As part of training, remind staff of technical policies in place: e.g., “we use multi-factor authentication, so never approve an MFA push if you aren’t logging in” (to thwart phishing that steals passwords), or “all external emails are tagged – be extra careful when you see the [External] banner.” Non-technical policies matter too: e.g., a policy that payments above $X require verbal verification can stop BEC scams cold. Training should cover these rules so employees understand why they exist (to counteract phishing).
Sector-Specific Tips:
- For SMBs: Emphasize free or low-cost training resources. CISA’s “Secure Our World” program offers free tip sheets, videos, and even phishing templates for small businesses. In North Missouri, consider partnering with local chambers of commerce or IT service providers (like Pinpoint Tech) for group training sessions. SMB employees often multitask across roles, so ensure everyone from the receptionist to the owner attends the training – scams can target anyone.
- For Healthcare Staff: Incorporate phishing drills into regular HIPAA training. Use real-world examples (like the CMS fax scam) to show relevance: “If an email or fax request seems off, it could be a phishing attempt to steal patient data – which would be a serious HIPAA breach.” Encourage a “trust but verify” habit especially when handling patient records requests and insurance communications. Also, remind clinicians who might not check email often to be just as cautious – an attacker only needs one account (be it a doctor, nurse, or admin) to potentially access the network.
- For Educators: Leverage existing frameworks like Cybersecurity Awareness Month (October) to engage staff and students with fun phishing awareness activities (quizzes, contests for spotting a fake email, etc.). Teachers are educators by nature – enlist tech-savvy teachers to become “cyber ambassadors” who can help train their peers in a relatable way. Given tight school budgets, use free resources: for example, the FTC has a site consumer.ftc.gov with scam examples and videos that can be shared in newsletters or staff meetings.
- For Government Employees: Stress the importance of protocol. Government offices often have clear guidelines, but employees might bypass them to be helpful. Training should underscore that no matter how official an email looks, employees must follow verification procedures (especially for fund transfers or releasing citizen data). It’s also worth conducting role-based training: officials who handle finances get specialized BEC scam training; those in HR learn about phishing targeting employee W-2 data; law enforcement personnel learn to recognize IT-centric scams (like fake police subpoenas via email, which have been seen). Missouri’s public sector can also tap federal resources (Homeland Security routinely offers cyber training to state/local governments).
- For Individuals/Families: Community-based training and info-sharing can help. Consider attending local workshops (libraries, senior centers often host scam awareness talks). As an IT-savvy person, you might volunteer to give a short presentation to your church group or at a Rotary club about current phishing scams – raising the community’s collective defense. In your household, make sure even less-techy members have some fundamental training: sit down with them to go through an email inbox and identify which messages are phishing. Set up family “rules” like never give out passwords or one-time codes to anyone who contacts you, and always ask a trusted family member if you’re unsure about a message or call. A little personal training can prevent a lot of heartache.
Reinforce Success & Keep Adapting
Recognize and praise employees who follow the training. Did someone spot and report a sophisticated phishing email? Shout it out (anonymously if needed) – “Thanks to an employee’s quick reporting, we avoided a potential breach this week. Great job staying vigilant!” This positive reinforcement builds a sense of pride and collective responsibility in stopping scams.
Finally, acknowledge that phishers are constantly evolving their tactics, so your training must evolve too. In the coming years, we expect more phishing leveraging AI to create perfectly worded, personalized emails, and more novel tricks like QR code phishing. (Already, QR code phishing attacks jumped 270% in 2024, as attackers found new ways to evade email filters.) Prepare your workforce for this by instilling core critical-thinking skills and updating them on new threats. As one report noted, the threat will only grow as phishers use generative AI to craft highly specific messages at scale – but an aware human can still outsmart a fake, no matter how polished.
In conclusion, Missouri businesses, organizations, and residents can greatly reduce phishing risks through diligent staff training and awareness programs. The scams are out there and not going away, but with knowledge and caution, you can prevent that next click from turning into a catastrophe. Stay informed, stay suspicious of unexpected requests, and make cybersecurity training a regular part of your operations. In the fight against phishing, your people truly are your best defense.
Stay safe out there, and remember: think before you click!

Frequently Asked Questions (FAQs) – Phishing Scams
What are some common phishing scams happening in Missouri right now?
Recent phishing scams in Missouri include fake Medicare or medical record requests sent to clinics, emails impersonating government agencies or officials (for example, scammers posing as the IRS or a city executive), and business email compromise scams targeting small businesses (such as fraudulent invoice or payment requests). Even physical scams like phony “Important Notice” postcards have been reported. These scams try to trick victims into revealing sensitive information or sending money. It’s important to stay wary of any unsolicited communication asking for personal data, passwords, or payments – no matter how official it looks.
How can I tell if an email is a phishing attempt?
Our small business is in a rural Missouri town. Do we really need phishing training for just a few employees?
Absolutely. Phishing is a threat no matter the size or location of your business. In fact, scammers often target small businesses because they know cybersecurity might not be a top priority. Even with a handful of employees, a single successful phishing attack (say, stealing your email password or tricking you into paying a fake invoice) can cause outsized damage to a small company. The good news is that phishing awareness training doesn’t have to be costly or complex. Teach your team the basics of how phishing works, run through some example scam emails, and establish simple policies (like “always verify payment requests in person or by phone”). Many breaches are avoidable with just a bit of training. In a small team, every person is an even bigger part of the defense – make sure each employee knows how to spot a phish.
What topics should be covered in phishing awareness training for employees?
Besides training, what else can our organization do to prevent phishing attacks?
Sources
- Federal Trade Commission – “New FTC Data Show a Big Jump in Reported Losses to Fraud to $12.5 Billion in 2024” – https://www.ftc.gov/news-events/news/press-releases/2025/03/new-ftc-data-show-big-jump-reported-losses-fraud-125-billion-2024
- KCHI Radio – “Police Warn Of Postcard Scam” – https://kchi.com/?p=72211
- SC Media – “Missouri County Latest Local Government Ransomware Victim, 18th of 2024” – https://www.scworld.com/news/missouri-county-government-confirms-ransomware-attack
- FBI Internet Crime Complaint Center (IC3) – “2024 IC3 Report” (PDF) – https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf
- Rural Spotlight (Missouri Rural Health Info Center) – “Medical Record Phishing Scams” – https://ruralhealthinfocenter.health.mo.gov/medical-record-phishing-scams/
- HIPAA Journal – “Georgia & Missouri Healthcare Providers Notify Patients About 2024 Hacking Incidents” – https://www.hipaajournal.com/georgia-missouri-healthcare-hacking-incidents-2024
- Care Connection / Missouri SMP – “Missouri SMP Fraud Fact – November 2024” – https://goaging.org/2024/missouri-smp-fraud-fact-november-2024
- Missouri SMP – “Inspector General’s Office Warns Consumers to Be Aware” – https://missourismp.org/inspector-generals-office-warns-consumers-to-be-aware/
- CISA – “Teach Employees to Avoid Phishing” – https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing
- Upfort – “2025 Upfort Phishing Attack Report” – https://www.upfort.com/guides/2024-upfort-phishing-attack-report
- Keepnet Labs – “2025 QR Code Phishing Statistics: Key Quishing Trends & Stats” – https://keepnetlabs.com/blog/2024-qr-code-phishing-trends-in-depth-analysis-of-rising-quishing-statistics
- The SSL Store Blog – “A Look at U.S. Business Email Compromise Statistics (2024)” – https://www.thesslstore.com/blog/business-email-compromise-statistics/
- SchoolSafety.gov – “Cybersecurity | SchoolSafety.gov” – https://www.schoolsafety.gov/cybersecurity
- Keeper Security Blog – “Public Sector Cyber Attacks That Happened in Q1 2024” – https://www.keepersecurity.com/blog/2024/03/26/public-sector-breach-alert-q1-2024/
- Missouri State Auditor – “Statewide Security Awareness Training” (PDF) – https://auditor.mo.gov/AuditReport/ViewReport?report=2024035
- MOREnet – “Infosec IQ – Employee and End-User Security & Education” – https://www.more.net/solutions/security-data-privacy/employee-and-end-user-security-and-education/infosec-iq/
- Washington University in St. Louis Office of Information Security – “Phishing (Sample Alerts & Guidance)” – https://informationsecurity.wustl.edu/tag/phishing/