Be Aware of Email Scam Using USDA Logo 

The National Organic Program of the USDA is aware that certifiers and certified operations have received emails from sources pretending to be the USDA. These emails, referred to as phishing emails, have been sent using the following information:

• Fake Sender: [email protected]
• Email Subject: 2025 information verification/update

Phishing is a common type of cyber attack that targets individuals through email or text messages to attempt to acquire sensitive data, such as email passwords. These messages are often designed to look like they come from a trusted person or organization, to get recipients to open malicious links or enter information on malicious websites.

The recent emails contain the USDA logo to make the sender appear valid. Each email asks the recipient to confirm information, click on a button or link, and to enter sensitive information in a location that the fake senders provide. The emails also threaten to suspend or revoke the operation’s organic license, which some readers may believe refers to their USDA organic operation certificate. However, it does not.

The emails were not sent by USDA – certifiers and certified operations should not respond to them, click on any links in them, or send sensitive personal or business information.

As a reminder, emails sent by the USDA, AMS or NOP are from the “usda.gov” email domain. To verify email authenticity, look at the information included between the carats (< sample >) or brackets [[email protected]] shown next to the sender’s name. It is possible for the sender to falsely use “usda.gov” in its name. However, it is not possible for a non-USDA government entity to show its email domain (the information between the carats or brackets) as “usda.gov.”

When reviewing emails for authenticity, look for the following queues to help identify phishing emails:

• Includes suspicious sender’s address that may imitate a legitimate business or government entity.
• Demands you take urgent action.
• Offers generic greetings and signature. Excludes contact information from the signature block.
• Spoofs hyperlinks and websites in body text that does not match the URL text shown when hovering over links.
• Contains spelling errors, poor grammar, or poor sentence structure. Uses inconsistent formatting.
• Includes suspicious attachments with requests for you to download and open the attachment.

If you are a certifier or certified operation and receive an email that claims to be from the USDA, AMS or NOP, and you are concerned about its authenticity, you may contact your Accreditation Manager (for USDA certifiers) or your certifier (for certified operations) to verify the email’s validity. If you received such an email and have already clicked on the link or provided sensitive information, we encourage you to report it to your organization’s information technology department, reset your passwords, and scan your computer/device for malicious viruses/malware.