Email Phishing Scam Falsely Using the USDA Logo
ALERT for Certifiers and Certified Operations:
Be Aware of Email Phishing Scam Falsely Using the USDA Logo
The National Organic Program (NOP) is aware that certifiers and certified operations have received emails from sources pretending to be the USDA. These emails, referred to as phishing emails, have been sent using the following information:
- Fake Sender: `NOP.guidance@usda.gov` <`xxxx@stceciliafc.com`>
- Email Subject: USDA-NOP Certificate Holder Information verification
Phishing is a common type of cyber attack that targets individuals through email or text messages to attempt to acquire sensitive data, such as email passwords. These messages are often designed to look like they come from a trusted person or organization, to get recipients to open malicious links or enter information on malicious websites.
The recent emails contain the USDA logo and NOP contact information to make the sender appear valid. Each email asks the recipient to confirm information, click on a button or link, and enter sensitive information in a location the fake senders provide. The emails also threaten to suspend or revoke the operation’s organic license, which some readers may believe refers to their USDA organic operation certificate. However, it does not.
USDA did not send the emails – certifiers and certified operations should not respond to them, click on any links in them, or send sensitive personal or business information.
Emails sent by the USDA, AMS or NOP are from the “usda.gov” email domain. To verify email authenticity, look at the address shown between the carets <`sample.email@domain.com`> or brackets [sample.email@domain.com] next to the sender’s name. It is possible for the sender to falsely use “usda.gov” in its name. However, it is not possible for a non-USDA government entity to show its email domain (the information between the carets or brackets) as “usda.gov.”
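The same check can be scripted for a mailbox export or a help-desk triage queue. The Python below is an added example, not USDA code: the function names and the sample headers in the test are constructed, apart from the fake sender quoted in this alert. It separates the sender's name from the address between the carets or brackets and flags a name that claims USDA while the actual domain is not usda.gov.

```python
import re

TRUSTED_DOMAIN = "usda.gov"  # per the alert: USDA, AMS and NOP mail uses this domain
# Finds an email address written inside the sender's name and captures its domain.
_ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def split_from(header):
    """Return (display_name, address); the address is the text inside <...> or [...]."""
    header = header.strip()
    m = re.search(r"[<\[]\s*([^<>\[\]\s]+)\s*[>\]]\s*$", header)
    if not m:                      # bare address, no display name
        return "", header
    name = header[:m.start()].strip().strip('"').strip()
    return name, m.group(1)

def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is no '@'."""
    return address.rsplit("@", 1)[-1].lower().rstrip(".") if "@" in address else ""

def is_trusted(domain):
    """True for usda.gov and its subdomains only; 'usda.gov.example.com' fails."""
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)

def check_sender(header):
    """Compare what the display name claims with the domain actually used."""
    name, address = split_from(header)
    sender_domain = domain_of(address)
    claimed = {d.lower() for d in _ADDR_IN_TEXT.findall(name)}
    trusted = is_trusted(sender_domain)
    claims_usda = any(is_trusted(d) for d in claimed) or "usda" in name.lower()
    return {
        "display_name": name,
        "address": address,
        "sender_domain": sender_domain,
        "from_trusted_domain": trusted,
        # The pattern in this alert: a USDA-looking name on a non-USDA address.
        "display_name_spoof": claims_usda and not trusted,
    }

if __name__ == "__main__":
    # Fake sender exactly as listed in this alert.
    print(check_sender("NOP.guidance@usda.gov <xxxx@stceciliafc.com>"))
```

This inspects only the visible From header, the same thing the alert asks readers to check by eye.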
When reviewing emails for authenticity, look for the following cues to help identify phishing emails:
- Includes a suspicious sender’s address that may imitate a legitimate business or government entity.
- Demands you take urgent action.
- Offers generic greetings and signature. Excludes contact information from the signature block.
- Contains spoofed hyperlinks and website addresses in the body text that do not match the URL shown when hovering over the link.
- Contains spelling errors, poor grammar, or poor sentence structure. Uses inconsistent formatting.
- Includes suspicious attachments with requests for you to download and open the attachments.
If you are a certifier or certified operation and receive an email that claims to be from the USDA, AMS or NOP, and you are concerned about its authenticity, you may contact your Accreditation Manager (for USDA certifiers) or your certifier (for certified operations) to verify the email’s validity.
If you received such an email and have already clicked on the link or provided sensitive information, we encourage you to report it to your organization’s information technology department, reset your passwords, and scan your computer/device for malicious viruses/malware.