Organic certifiers and certified farms, ranches and other businesses recently received scam emails threatening to suspend licenses from sources pretending to be the USDA, according to the agency’s National Organic Program.

The phishing emails contained the USDA logo to make the sender appear valid. Each email asked the recipient to confirm information, click on a button or link and enter sensitive information in a location that the fake senders provide.

According to a Feb. 6 USDA news release, the emails came from amendez@rootedschool.org and the subject line was 2025 information verification/update.

These emails were not sent by the USDA, and certifiers and certified operations should not respond to them, click on any links in them or send sensitive personal or business information.

As a reminder, emails sent by the USDA and National Organic Program are from the usda.gov email domain.

About phishing

Phishing is a common type of cyber attack that targets individuals through email or text messages to attempt to acquire sensitive data, such as email passwords.

These messages are often designed to look like they came from a trusted person or organization to get recipients to open malicious links or enter information on malicious websites.

When reviewing emails for authenticity, look for the following information to help identify phishing attempts.

• Includes suspicious sender’s address that may imitate a legitimate business or government entity.

• Demands you take urgent action.

• Offers generic greetings and signature.

• Excludes contact information from the signature block.

• Spoofs hyperlinks and websites in body text that does not match the URL text shown when hovering over links.

• Contains spelling errors, poor grammar or poor sentence structure. Uses inconsistent formatting.

• Includes suspicious attachments with requests for you to download and open the attachment.

• Certifiers and certified operations that are concerned about authenticity can contact their accreditation manager or certifier to verify the email’s validity.

Those who received a phishing email and clicked on the link or provided information should report the incident to their organization’s information technology department, reset their passwords and scan their computer and device for malicious viruses and malware.